ory/oathkeeper

Issues

• Oathkeeper returns a 401 "Access credentials are invalid" when exceeding Ory Network's rate limiting on /sessions/whoami endpoint

  #1167 opened 18 days ago by wewelll
  1

• Oathkeeper does not support X-Forwarded headers properly

  #1139 opened 7 months ago by eratolekov
  3

• Upgrade Oathkeeper helm chart 0.41 causes 503

  #1165 opened 2 months ago by WoodyWoodsta
  8

• Oathkeeper bombards Ory Network with requests after upgrade to 40.x

  #1161 opened 2 months ago by Withel
  14

• Oathkeeper docker-compose.yml outdated env vars

  #1164 opened a month ago by cerealkill
  0

• Git as a repository for access rules & granularity: check against specific ingress against specific accessrule files

  #1154 opened 3 months ago by qdrddr
  1

• Support distributed cache access token when introspection

  #1082 opened 2 months ago by tinhtn1508
  1

• Oathkeeper returns encoded cookie

  #1158 opened 2 months ago by c0d3rm0n
  0

• Authorizer "remote" throws exception "invalid Read on closed Body" if request body is present in request

  #1136 opened 9 months ago by denysandriyanov
  13

• Duplicate requests using decisions endpoint via NGINX

  #1156 opened 2 months ago by karlis-vagalis
  0

• Watch rules changes on remote repositories

  #1072 opened 2 months ago by emmanuelgautier
  1

• `strip_path` strips the prefix from the final upstream request, not the initial request

  #1085 opened a year ago by syserr0r
  2

• Implement a `delegate` authenticator

  #1152 opened 3 months ago by yunier-sc
  0

• None of the provided URLs returned a valid JSON Web Key Set

  #1151 opened 3 months ago by adriano-di-giovanni
  1

• Outdated OTEL dependencies prevent import

  #1148 opened 4 months ago by nico151999
  0

• Decision API is not respecting the token_from config

  #1144 opened 6 months ago by osbornk
  0

• Reference to .MatchContext.RegexpCaptureGroups doesn't render in access rules authenticator config

  #1141 opened 6 months ago by sunnyyip
  0

• Custom bearer token not redacted

  #1081 opened a year ago by SkypLabs
  1

• X-Forwarded headers missing from oauth2-client-credentials authenticator request on v.0.40.3, breaking hydra TLS termination

  #1102 opened 9 months ago by mathportillo
  1

• Basic Authorization header result in Unauthorized when using `anonymous` authenticator handler

  #1137 opened 9 months ago by sayoun
  0

• "any" matching option for "required_scope" in JWT authenticator

  #1129 opened 10 months ago by damianpietruszewski
  1

• upstream reference closed: github.com/GoogleContainerTools/distroless/issues/1342

  #1132 opened 9 months ago by github-actions
  0

• Docs wrong for `bearer_token` Subject default location

  #1130 opened 9 months ago by logan-hcg
  0

• Oathkeeper duplicates CORS headers

  #1100 opened a year ago by kamilkloch
  3

• Observed memory leak in v0.40.3

  #1112 opened 10 months ago by shoujun
  4

• Allow API key pre-authorization in oauth2_introspection authenticator

  #1126 opened 10 months ago by marcinfigiel
  2

• Allow for easily matching rules using path prefixes

  #1089 opened a year ago by davidspek
  7

• Leak sensitive secrets option not working

  #1067 opened 10 months ago by SkypLabs
  9

• Allow/deny `remote(_json)` authorizers depending response content

  #1125 opened 10 months ago by David-Wobrock
  0

• Configure JWT authenticator not to logging sensitive data

  #1115 opened a year ago by StanislavStefanov
  0

• Authenticator: Bearer_token w. "query_parameter" selector consumes request body

  #1105 opened a year ago by marbergq
  0

• Regex path matching isn't working.

  #1095 opened a year ago by KieronWiltshire
  10

• Unable to initialize Tracer.

  #1066 opened a year ago by KieronWiltshire
  4

• The ability to pass oauth scopes to the application layer without having to write checks on every route.

  #1088 opened a year ago by KieronWiltshire
  2

• Issue with Oathkeeper authenticator oauth_introspection

  #1078 opened a year ago by dblane-digicatapult
  1

• Your documentation doesn't work

  #1076 opened a year ago by oneacik
  1

• No response for reported security issue for a month

  #1071 opened a year ago by viters
  4

• Regression: CORS is not handled properly

  #1054 opened a year ago by marcinfigiel
  0

• Performance/CPU usage regression in v0.40.0

  #1033 opened a year ago by David-Wobrock
  10

• 0.40.1 does not build on macos

  #1068 opened a year ago by radekg
  1

• Middleware initializes pgx/v4

  #1064 opened a year ago by rlorca
  1

• oathkeeper repo is too big

  #1040 opened a year ago by Lan-Phan
  2

• Connection reuse in proxy mode

  #1045 opened a year ago by ecktom
  0

• cookie_session Authenticator not working with gRPC middleware

  #1023 opened 2 years ago by andrewweston
  1

• introspection_request_headers value?

  #1026 opened 2 years ago by scoutinhobh
  1

• Using X-Forwarded-Uri header does not URL-decode or filter queries before matching rules

  #1003 opened 2 years ago by akshualy
  1

• remote_json encounted a go json error

  #1031 opened 2 years ago by qscez2001
  0

• Unauthenticated requests with any cookie (but no session cookie) receive a 401 even with anonymous authenticator

  #1017 opened 2 years ago by joaojramia
  9

• Oathkeeper failed with cryptic error when remote_json authorizer returns response body

  #1007 opened 2 years ago by omerlh
  1

• oathkeeper breaks with custom domain

  #1005 opened 2 years ago by finsterwalder
  0