feat: add docs for delegate authenticator #1660

Open
wants to merge 2 commits into
base: master
3 changes: 3 additions & 0 deletions code-examples/oathkeeper/oathkeeper/oathkeeper.yml
Expand Up @@ -68,6 +68,9 @@ authenticators:
noop:
enabled: true

delegate:
enabled: true

authorizers:
allow:
enabled: true
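
Review bot: `delegate` is switched on in the shared example config right next to `noop` with no comment, although the docs added in this same PR describe it as a pass-all handler that skips authorization and mutation. Nothing in the visible changes adds a rule under code-examples that uses it, so consider leaving it out of this file, or add a one-line comment above `delegate:` saying that it forwards requests without running authorizers or mutators and should only be enabled when the upstream enforces access control itself.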
57 changes: 52 additions & 5 deletions docs/oathkeeper/pipeline/authn.md
Expand Up @@ -54,12 +54,9 @@ are valid! If a handler encounters invalid credentials, then other handlers will

## `noop`

The `noop` handler tells Ory Oathkeeper to bypass authentication, authorization, and mutation. This implies that no authorization
will be executed and no credentials will be issued. It's basically a pass-all authenticator that allows any request to be
forwarded to the upstream URL.
The `noop` handler always authenticate the user, no questions asked. It applies authorization, and mutation.

> Using this handler is basically an allow-all configuration. It makes sense when the upstream handles access control itself or
> doesn't need any type of access control.
> Using this handler is basically an allow-all configuration.

### `noop` configuration
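
Review bot: The rewritten `noop` paragraph now says authorization and mutation are applied, but the blockquote kept directly below it still calls the handler "basically an allow-all configuration", so the two statements contradict each other. Suggest changing the quote to say that only authentication is skipped and that the rule's authorizer and mutator still decide the outcome. Wording: "always authenticate" should be "always authenticates", and "It applies authorization, and mutation." reads more clearly as "Authorization and mutation are still applied." Because this changes the documented meaning of `noop` while the PR title only mentions the delegate docs, a short pointer to `delegate` for the previous pass-through behaviour would help readers who relied on the old text.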

Expand Down Expand Up @@ -215,6 +212,56 @@ The request isn't authorized because credentials have been provided but only the
authenticator is enabled for this URL.
```

## `delegate`

The `delegate` handler tells Ory Oathkeeper to bypass authentication, authorization, and mutation. This implies that no
authorization will be executed and no credentials will be issued. It's basically a pass-all authenticator that allows any request
to be forwarded to the upstream URL.

> Using this handler is basically an allow-all configuration. It makes sense when the upstream handles access control itself or
> doesn't need any type of access control.

### `delegate` configuration

This handler isn't configurable.

To enable this handler, set:

```yaml
# Global configuration file oathkeeper.yml
authenticators:
delegate:
# Set enabled to true if the authenticator should be enabled and false to disable the authenticator. Defaults to false.
enabled: true
```

### `delegate` access rule example

```sh
cat ./rules.json

[{
"id": "some-id",
"upstream": {
"url": "http://my-backend-service"
},
"match": {
"url": "http://my-app/some-route",
"methods": [
"GET"
]
},
"authenticators": [{
"handler": "delegate"
}]
}]

curl -X GET http://my-app/some-route

HTTP/1.0 200 Status OK
The request has been allowed!
```

## `cookie_session`

The `cookie_session` authenticator will forward the request method, path and headers to a session store. If the session store
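
Review bot: The `delegate` description says authorization and mutation are bypassed, but the section never states what happens when a rule that uses `delegate` also sets an authorizer or mutator, or lists `delegate` together with other authenticators; the example rule only shows the `authenticators` array. Please document whether those fields are ignored or rejected, so a reader cannot assume an authorizer still protects a route that is in fact forwarded unchecked. Minor: "This handler isn't configurable." is followed immediately by the `enabled` setting; "This handler has no options besides `enabled`." would be clearer.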