Comments (8)
Interesting idea, could you walk me through how vault works and how tokens/keys are validated at vault?
from oathkeeper.
from oathkeeper.
Yes, but it seems to me like it's storing access credentials and gives them out based on other credentials issued by vault, I'm not sure if it also allows verification of the stored access credentials as it is agnostic to them. It would be great if you could go into some detail (maybe particular flows or APIs), this would help a lot in understanding why vault would make sense as an authorization server coupled to oathkeeper.
from oathkeeper.
from oathkeeper.
from oathkeeper.
Oxy provides a gateway but you must have a place to store the enterprise multi tenant ( iaas level and pass etc) secrets and check them, roll them and revoke them.
I do understand that you can fetch credentials from vault, but those credentials are to be validated at a different endpoint. Typically you would, for example, store an API key in vault, fetch the API key from vault using some credentials, then use that API key at another endpoint. That endpoint validates the API key.
This proxy takes, for example, an API key and asks some endpoint if the API key is valid. In this regard, vault does (to my understanding) not play a role. It might be possible to first fetch the key from vault, then use it at Oathkeeper, and Oathkeeper validates it at another endpoint. To Oathkeeper itself however, it doesn't matter at all how the credentials were obtained and thus an integration with vault does not make sense.
Let me know if I blatantly misunderstood something, but I don't see how the integration would look like. That is why I asked for specifics on this matter.
from oathkeeper.
from oathkeeper.
I took some time yesterday to look through the docs and wasn't able to figure out a way to make a useful integration. I'm thus closing this issue. Regardless, thank you for your ideas & time. If I missed something please let me know and I'll immediately reopen the issue, I think integration with vault would be amazing.
from oathkeeper.
Related Issues (20)
- Issue with Oathkeeper authenticator oauth_introspection HOT 1
- Custom bearer token not redacted HOT 1
- Support distributed cache access token when introspection
- `strip_path` strips the prefix from the final upstream request, not the initial request HOT 2
- The ability to pass oauth scopes to the application layer without having to write checks on every route. HOT 2
- Allow for easily matching rules using path prefixes HOT 7
- Regex path matching isn't working. HOT 10
- Oathkeeper duplicates CORS headers HOT 3
- X-Forwarded headers missing from oauth2-client-credentials authenticator request on v.0.40.3, breaking hydra TLS termination HOT 1
- Authenticator: Bearer_token w. "query_parameter" selector consumes request body
- Observed memory leak in v0.40.3 HOT 4
- Configure JWT authenticator not to logging sensitive data
- Allow/deny `remote(_json)` authorizers depending response content
- Allow API key pre-authorization in oauth2_introspection authenticator HOT 2
- "any" matching option for "required_scope" in JWT authenticator HOT 1
- Docs wrong for `bearer_token` Subject default location
- upstream reference closed: github.com/GoogleContainerTools/distroless/issues/1342
- Authorizer "remote" throws exception "invalid Read on closed Body" if request body is present in request HOT 13
- Basic Authorization header result in Unauthorized when using `anonymous` authenticator handler
- Oathkeeper does not support X-Forwarded headers properly HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oathkeeper.