Oathkeeper: adding additional info to oathkeeper info logs
Opened this issue · 1 comments
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe your problem
Hi everyone, I am looking for a way to include more information in the oathkeeper info logs related to authorization, in particular adding an email field as one of the log attributes. Current log example:
2024-12-02T15:06:22.65936591Z stderr F {"audience":"application","granted":true,"http_host":"127.0.0.1:4467","http_method":"PUT","http_url":"http://127.0.0.1:4467/admin/relation-tuples","http_user_agent":"curl/7.74.0","level":"info","msg":"Access request granted","service_name":"ORY Oathkeeper","service_version":"v0.40.6","subject":"12345","time":"2024-12-02T15:06:22.659248722Z"}
Describe your ideal solution
An ideal solution would allow, for example, to add an "email" field from the JWT token (sent to the Oathkeeper) in the logs as well:
2024-12-02T15:06:22.65936591Z stderr F {"audience":"application","granted":true,"http_host":"127.0.0.1:4467","http_method":"PUT","http_url":"http://127.0.0.1:4467/admin/relation-tuples","http_user_agent":"curl/7.74.0","level":"info","msg":"Access request granted","service_name":"ORY Oathkeeper","service_version":"v0.40.6","email":"user@email.com","subject":"12345","time":"2024-12-02T15:06:22.659248722Z"}
Workarounds or alternatives
I would also appreciate any advice for potential alternatives for audit tracking for ory oathkeeper and ory keto for a self-hosted instance - thank you!
Version
0.40.6
Additional Context
No response
I vote for this feature. I would also be interested in using these logs for access auditing.