A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
Having this issue as well. The only thing that works is the default, i.e. not providing any token_from value at all. If you provide anything else, you get 401.
Ory Network Project
No response
Describe the bug
I am trying to send a custom token header to the Oathkeeper API for token auth. But it seems to not pass a custom token header to the check_session_url. Instead, it does not send a token at all.
Oathkeeper does check the token. If I don't include the token, Oathkeeper immediately returns a 401. But it never gets passed onto the check_session_url.
Reproducing the bug
Here is my command:
From my logs, my request makes it to Kratos, but without the token, so it produces a 401.
My expectation is for Oathkeeper to read the header xxx and send Authorization: Bearer sometoken to Kratos.
If I remove the token_from section from the config and use the default values, this works.
Relevant log output
No response
Relevant configuration
Version
0.40.6
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes with Helm
Additional Context
No response