ory / oathkeeper

A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
Apache License 2.0

cookie_session Authenticator not working with gRPC middleware #1023

Open andrewweston opened 2 years ago

andrewweston commented 2 years ago

Describe the bug

The gRPC middleware httpRequest method transforms selected grpc metadata keys to http headers. The only metadata items translated are "authorization" and those with keys beginning with "x-" (see https://github.com/ory/oathkeeper/blob/master/middleware/grpc_middleware.go#L33-L41).

This means the Cookie header is not set and the cookie_session authenticator fails.

Reproducing the bug

  1. Create a simple Go/gRPC app that uses the OathKeeper UnaryServerInterceptor
  2. Configure the cookie_session authenticator (see below)
  3. Add a "cookie" gRPC metadata item (using a valid Ory session cookie)
  4. Make a gRPC request (Postman gRPC request)

Relevant log output

No response

Relevant configuration

config.yaml:

serve:
  proxy:
    port: 4455
  api:
    port: 4456

access_rules:
  repositories:
    - file://rules.yaml

authenticators:
  cookie_session:
    enabled: true
    config:
      check_session_url: https://<project-slug>.projects.oryapis.com/sessions
      preserve_path: true
      force_method: GET

authorizers:
  allow:
    enabled: true

rules.yaml:

- id: some-id
  match:
    authority: localhost:50001
    full_method: hello.helloService/Hello
  authenticators:
    - handler: cookie_session

Version

v0.40.1-0.20220923195049-ae7b65b54090 (latest commit)

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

No response

Additional Context

Making the following change to https://github.com/ory/oathkeeper/blob/master/middleware/grpc_middleware.go#L36

// if k == "authorization" || strings.HasPrefix(k, "x-") {
if k == "authorization" || k == "cookie" || strings.HasPrefix(k, "x-") {

leads to a successful request.
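The translation the reporter describes, as an added example that is not part of the issue or of oathkeeper's own code: a stdlib-only reimplementation of the metadata-to-header allowlist, run once with the behaviour reported (only "authorization" and "x-*" keys) and once with the proposed "cookie" entry, followed by a check of whether a session cookie is then visible to a cookie_session-style authenticator. The Metadata type, the cookie name and all values are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Metadata stands in for grpc metadata.MD, which is also a map[string][]string
// (constructed here so the example needs no grpc import; gRPC lowercases keys).
type Metadata map[string][]string

// metadataToHeader mirrors the allowlist described in the issue: only
// "authorization" and keys starting with "x-" are copied to HTTP headers.
// With allowCookie set it also copies "cookie", as in the reporter's change.
// Illustrative reimplementation, not oathkeeper's middleware code.
func metadataToHeader(md Metadata, allowCookie bool) http.Header {
	h := http.Header{}
	for k, vs := range md {
		k = strings.ToLower(k)
		if k == "authorization" || strings.HasPrefix(k, "x-") || (allowCookie && k == "cookie") {
			for _, v := range vs {
				h.Add(k, v) // http.Header canonicalises the key: "cookie" -> "Cookie"
			}
		}
	}
	return h
}

// sessionCookieSeen reports whether a cookie_session-style authenticator,
// which reads the Cookie header of the translated request, would find the
// named session cookie at all.
func sessionCookieSeen(h http.Header, name string) bool {
	req := &http.Request{Header: h}
	_, err := req.Cookie(name)
	return err == nil
}

func main() {
	// Constructed metadata resembling the reporter's Postman gRPC request.
	md := Metadata{
		"authorization": {"Bearer constructed-token"},
		"cookie":        {"ory_session_example=constructed-session-value"},
		"x-request-id":  {"abc123"},
		"content-type":  {"application/grpc"},
	}
	for _, allow := range []bool{false, true} {
		h := metadataToHeader(md, allow)
		fmt.Printf("allowCookie=%v headers=%v sessionCookieSeen=%v\n",
			allow, h, sessionCookieSeen(h, "ory_session_example"))
	}
}
```

With allowCookie=false the Authorization and X-Request-Id headers survive but Cookie is absent, so the session check fails exactly as the issue reports; with allowCookie=true the cookie reaches the request.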

aeneasr commented 1 year ago

Thank you for the report! Unfortunately, the gRPC middleware is very experimental right now :(