This message was deleted.
# generalm
microscopic-answer-24504
02/10/2023, 7:18 AMThis message was deleted.
a
agreeable-lifeguard-99976
02/10/2023, 7:18 AMI thought I saw something about this some where say it’s not but can’t find it.
r
red-machine-69654
02/10/2023, 9:03 AMExplain “in front”
a
agreeable-lifeguard-99976
02/10/2023, 11:32 AMOry Network <--> Oathkeeper <--> Apps/Services
r
red-machine-69654
02/10/2023, 11:32 AMWe are doing that
red-machine-69654
02/10/2023, 11:32 AMWait
red-machine-69654
02/10/2023, 11:32 AMNo
red-machine-69654
02/10/2023, 11:32 AMWe do:
red-machine-69654
02/10/2023, 11:33 AMOK — Ory Network —> Apps/Services
red-machine-69654
02/10/2023, 11:33 AMIf that makes sense?
a
agreeable-lifeguard-99976
02/10/2023, 11:34 AMYeah, it does. But we have a bunch of legacy that require JWT. So figured that having Oathkeeper in the mix would solve that.
r
red-machine-69654
02/10/2023, 11:34 AMAh, neat
red-machine-69654
02/10/2023, 11:35 AMOK made lots of things easier for us
a
agreeable-lifeguard-99976
02/10/2023, 11:35 AMBut is it a good approach 🤷
r
red-machine-69654
02/10/2023, 11:35 AMGuess it depends on latency… so far not a problem
red-machine-69654
02/10/2023, 11:36 AMI think I also talk to Ory Network directly at times (for the kratos apis) but otherwise it seems to work really well
m
magnificent-energy-493
02/10/2023, 5:10 PM
You do not need to put Oathkeeper in front, you can also use any other API gateway/ reverse proxy. Oathkeeper does have a few features that are useful in combination with the rest of Ory, for example transforming Ory session tokens into JWT.
r
red-machine-69654
02/10/2023, 5:24 PMYeah, we use it as a gw to most of the pieces and then also to assemble various services behind a single host.
api.example.org/path1 —> svc1
api.example.org/path2 —> svc2
etc.
And non of my services deal with authn anymore. It’s bliss!
3 Views