ory/oathkeeper
A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
GoApache-2.0
Pinned issues
Issues
- 0
- 2
Authenticator: Bearer_token w. "query_parameter" selector consumes request body
#1105 opened by marbergq - 1
Configuration reference isn't displayed at ory.sh
#1190 opened by renom - 0
Option strip_path is ignored by .MatchContext.URL.Path
#1204 opened by renom - 0
insecure_skip_verify for upstream
#1201 opened by wei840222 - 1
- 1
Oathkeeper docker-compose.yml outdated env vars
#1164 opened by cerealkill - 0
Multiple matching rules are causing 500
#1196 opened by krukowskid - 0
Multiple authorizers
#1194 opened by renom - 9
Upgrade Oathkeeper helm chart 0.41 causes 503
#1165 opened by WoodyWoodsta - 0
- 1
upstream reference closed: github.com/GoogleContainerTools/distroless/issues/1342
#1132 opened by github-actions - 2
- 1
Decision API is not respecting the token_from config
#1144 opened by osbornk - 6
- 14
Authorizer "remote" throws exception "invalid Read on closed Body" if request body is present in request
#1136 opened by denysandriyanov - 8
Allow for easily matching rules using path prefixes
#1089 opened by davidspek - 6
Oathkeeper duplicates CORS headers
#1100 opened by kamilkloch - 3
- 2
Oathkeeper returns a 401 "Access credentials are invalid" when exceeding Ory Network's rate limiting on /sessions/whoami endpoint
#1167 opened by wewelll - 2
Git as a repository for access rules & granularity: check against specific ingress against specific accessrule files
#1154 opened by qdrddr - 0
- 2
- 0
Implement a `delegate` authenticator
#1152 opened by yunier-sc - 4
- 0
Match response body in remote_json authorizer
#1169 opened by jaspeen - 15
- 1
- 0
Oathkeeper returns encoded cookie
#1158 opened by c0d3rm0n - 0
- 1
Watch rules changes on remote repositories
#1072 opened by emmanuelgautier - 2
`strip_path` strips the prefix from the final upstream request, not the initial request
#1085 opened by syserr0r - 1
- 0
Outdated OTEL dependencies prevent import
#1148 opened by nico151999 - 0
Reference to .MatchContext.RegexpCaptureGroups doesn't render in access rules authenticator config
#1141 opened by sunnyyip - 1
Custom bearer token not redacted
#1081 opened by SkypLabs - 1
X-Forwarded headers missing from oauth2-client-credentials authenticator request on v.0.40.3, breaking hydra TLS termination
#1102 opened by mathportillo - 0
Basic Authorization header result in Unauthorized when using `anonymous` authenticator handler
#1137 opened by sayoun - 0
Docs wrong for `bearer_token` Subject default location
#1130 opened by logan-hcg - 4
Observed memory leak in v0.40.3
#1112 opened by shoujun - 2
- 9
Leak sensitive secrets option not working
#1067 opened by SkypLabs - 10
Regex path matching isn't working.
#1095 opened by KieronWiltshire - 4
Unable to initialize Tracer.
#1066 opened by KieronWiltshire - 2
The ability to pass oauth scopes to the application layer without having to write checks on every route.
#1088 opened by KieronWiltshire - 1
- 1
Your documentation doesn't work
#1076 opened by oneacik - 4
No response for reported security issue for a month
#1071 opened by viters - 1
0.40.1 does not build on macos
#1068 opened by radekg - 1
Middleware initializes pgx/v4
#1064 opened by rlorca