Hello wave I am trying to get `Subject` field logged for `oa Ory Community #talk-oathkeeper

Hello! :wave: I am trying to get `Subject` field l...

steep-musician-43528

11/22/2022, 2:43 PM

Hello! 👋 I am trying to get

Subject

field logged for

oauth2_client_credentials

authenticator, however I'm not seeing it 👀 🧵

steep-musician-43528

11/22/2022, 2:45 PM

example log:

Copy code

{
  "audience": "application",
  "granted": true,
  "http_host": "<http://some.domain.com|some.domain.com>",
  "http_method": "POST",
  "http_url": "<https://some.domain.com/api/some-api>",
  "http_user_agent": "",
  "level": "info",
  "msg": "Access request granted",
  "service_name": "ORY Oathkeeper",
  "service_version": "v0.39.0",
  "time": "2022-11-22T14:35:50Z"
}

I was hoping that this PR introduced subject logging, but i might be misunderstanding it?

faint-insurance-61054

11/22/2022, 3:43 PM

As I can see from the code the Subject will be there only if the sessions was authenticated

faint-insurance-61054

11/22/2022, 3:43 PM

Copy code

if sess, ok := r.Context().Value(proxy.ContextKeySession).(*authn.AuthenticationSession); ok {
		fields["subject"] = sess.Subject
	}

steep-musician-43528

11/22/2022, 4:06 PM

I passed

Authentication: Basic <credentials>

header to the request and it was authenticated (i got a 200 from API and granted=true log from oathkeeper). IIUC oathkeeper should log Subject, unless some other form of

authenticated sessions

is meant in this bit of code? i guess my question is - does it work for everyone else and i'm misunderstanding the feature/config, or is it a time to open an issue?

freezing-needle-9807

11/24/2022, 11:29 AM

@steep-musician-43528 Could you provide token endpoint response from oauth2 auth server?

2 Views

Open in Slack

Previous Next