ory/oathkeeper

Oathkeeper: adding additional info to oathkeeper info logs

Opened this issue · 1 comments

Preflight checklist

Ory Network Project

No response

Describe your problem

Hi everyone, I am looking for a way to include more information in the oathkeeper info logs related to authorization, in particular adding an email field as one of the log attributes. Current log example:

2024-12-02T15:06:22.65936591Z stderr F {"audience":"application","granted":true,"http_host":"127.0.0.1:4467","http_method":"PUT","http_url":"http://127.0.0.1:4467/admin/relation-tuples","http_user_agent":"curl/7.74.0","level":"info","msg":"Access request granted","service_name":"ORY Oathkeeper","service_version":"v0.40.6","subject":"12345","time":"2024-12-02T15:06:22.659248722Z"}

Describe your ideal solution

An ideal solution would allow, for example, to add an "email" field from the JWT token (sent to the Oathkeeper) in the logs as well:

2024-12-02T15:06:22.65936591Z stderr F {"audience":"application","granted":true,"http_host":"127.0.0.1:4467","http_method":"PUT","http_url":"http://127.0.0.1:4467/admin/relation-tuples","http_user_agent":"curl/7.74.0","level":"info","msg":"Access request granted","service_name":"ORY Oathkeeper","service_version":"v0.40.6","email":"user@email.com","subject":"12345","time":"2024-12-02T15:06:22.659248722Z"}

Workarounds or alternatives

I would also appreciate any advice for potential alternatives for audit tracking for ory oathkeeper and ory keto for a self-hosted instance - thank you!

Version

0.40.6

Additional Context

No response

I vote for this feature. I would also be interested in using these logs for access auditing.