ory / oathkeeper

A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
https://www.ory.sh/?utm_source=github&utm_medium=banner&utm_campaign=hydra
Apache License 2.0

Docs wrong for `bearer_token` Subject default location #1130

Open logan-hcg opened 10 months ago

logan-hcg commented 10 months ago

Preflight checklist

Ory Network Project

No response

Describe the bug

The default is `sub`:

https://github.com/ory/oathkeeper/blob/4d61221f9d0c0070a2b5a6fb96295caf156279ee/pipeline/authn/authenticator_bearer_token.go#L115

but documentation shows it is `subject`:

https://www.ory.sh/docs/oathkeeper/pipeline/authn#bearer_token

Reproducing the bug

  1. Configure `bearer_token` authenticator
  2. Return status 200 and the body `{"subject": "test-subject"}`

Subject is empty instead of expected `test-subject`. Changing the response to `{"sub": "test-subject"}` returns the proper subject value.

Relevant log output

No response

Relevant configuration

No response

Version

v0.40.6

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

No response
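
A pre-deployment check for the mismatch reported above, as an added example that is not part of the issue or of Oathkeeper's code: it fetches a session-check response and shows which subject a given `subject_from` path would extract from it. `lookup`, `subjectAt` and `stub` are hypothetical helpers, the dotted-key lookup is a simplified stand-in for Oathkeeper's own extraction, and the stub body is the one from the reproduction steps.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// lookup resolves a dot-separated key path in a JSON body (simplified stand-in
// for the proxy's own path lookup). A missing or non-string value yields "".
func lookup(body []byte, path string) string {
	var cur interface{}
	if json.Unmarshal(body, &cur) != nil {
		return ""
	}
	for _, key := range strings.Split(path, ".") {
		obj, _ := cur.(map[string]interface{})
		cur = obj[key] // reading a nil map gives nil, so a missing level ends as ""
	}
	s, _ := cur.(string)
	return s
}

// subjectAt fetches a session-check URL and extracts the subject at subjectFrom.
func subjectAt(url, subjectFrom string) (string, error) {
	resp, err := http.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return lookup(body, subjectFrom), err
}

// stub is a constructed session endpoint that answers 200 with a fixed body.
func stub(body string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(
		func(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, body) }))
}

func main() {
	srv := stub(`{"subject": "test-subject"}`) // constructed: body from the report
	defer srv.Close()
	fmt.Println(subjectAt(srv.URL, "sub"))
	fmt.Println(subjectAt(srv.URL, "subject"))
}
```

An empty result for the path the authenticator will actually use means requests would be authenticated with an empty subject, so setting `subject_from` explicitly in the authenticator config avoids depending on the default.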