Using Oathkeeper - External Consumer App #158

Closed
zecarlos94 opened this issue Mar 11, 2019 · 2 comments

@zecarlos94

Hi, I'm having an issue when I try to use my access rules (Oathkeeper), policies and roles (Keto) with an external consumer app.

I have valid access tokens obtained from Hydra (login & consent flow - authorization code flow performed before this step). Oathkeeper produces the following errors when it tries to authorize (handler keto_engine_acp_ory) the current request.

Docker Logs - API
time="2019-03-11T14:14:33Z" level=info msg="started handling request" method=GET remote="172.22.0.1:36978" request=/judge/api/dummies
time="2019-03-11T14:14:33Z" level=warning msg="The authorization handler encountered an error" access_url="http://localhost:4456/api/dummies" authorization_handler=keto_engine_acp_ory error="Access credentials are not sufficient to access this resource" granted=false reason_id=authorization_handler_error
time="2019-03-11T14:14:33Z" level=warning msg="Access request denied" access_url="http://localhost:4456/api/dummies" error="Access credentials are not sufficient to access this resource" granted=false
time="2019-03-11T14:14:33Z" level=error msg="An error occurred while handling a request" code=403 details="map[]" error="Access credentials are not sufficient to access this resource" reason= request-id= status=Forbidden trace="Stack trace: \ngithub.com/ory/oathkeeper/proxy.(*AuthorizerKetoWarden).Authorize\n\t/go/src/github.com/ory/oathkeeper/proxy/authorizer_keto_warden.go:130\ngithub.com/ory/oathkeeper/proxy.(*RequestHandler).HandleRequest\n\t/go/src/github.com/ory/oathkeeper/proxy/request_handler.go:147\ngithub.com/ory/oathkeeper/judge.(*Handler).judge\n\t/go/src/github.com/ory/oathkeeper/judge/handler.go:103\ngithub.com/ory/oathkeeper/judge.(*Handler).ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/judge/handler.go:70\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/x/metricsx.(*MetricsManager).ServeHTTP\n\t/go/pkg/mod/github.com/ory/[email protected]/metricsx/middleware.go:207\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/meatballhat/[email protected]/middleware.go:136\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96\ngithub.com/rs/cors.(*Cors).Handler.func1\n\t/go/pkg/mod/github.com/rs/[email protected]/cors.go:207\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1964\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2741\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1847\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1333" writer=JSON
time="2019-03-11T14:14:33Z" level=info msg="completed handling request" measure#oathkeeper-api.latency=17072600 method=GET remote="172.22.0.1:36978" request=/judge/api/dummies status=403 text_status=Forbidden took=17.0726ms

Docker Logs - Proxy
time="2019-03-11T14:15:13Z" level=info msg="started handling request" method=GET remote="172.22.0.1:36742" request=/api/dummies
time="2019-03-11T14:15:13Z" level=warning msg="The authorization handler encountered an error" access_url="http://localhost:4455/api/dummies" authorization_handler=keto_engine_acp_ory error="Access credentials are not sufficient to access this resource" granted=false reason_id=authorization_handler_error
time="2019-03-11T14:15:13Z" level=warning msg="Access request denied" access_url="http://localhost:4455/api/dummies" error="Access credentials are not sufficient to access this resource" granted=false
time="2019-03-11T14:15:13Z" level=error msg="An error occurred while handling a request" code=403 details="map[]" error="Access credentials are not sufficient to access this resource" reason= request-id= status=Forbidden trace="Stack trace: \ngithub.com/ory/oathkeeper/proxy.(*AuthorizerKetoWarden).Authorize\n\t/go/src/github.com/ory/oathkeeper/proxy/authorizer_keto_warden.go:130\ngithub.com/ory/oathkeeper/proxy.(*RequestHandler).HandleRequest\n\t/go/src/github.com/ory/oathkeeper/proxy/request_handler.go:147\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Director\n\t/go/src/github.com/ory/oathkeeper/proxy/proxy.go:121\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Director-fm\n\t/go/src/github.com/ory/oathkeeper/cmd/serve_proxy.go:219\nnet/http/httputil.(*ReverseProxy).ServeHTTP\n\t/usr/local/go/src/net/http/httputil/reverseproxy.go:197\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/x/metricsx.(*MetricsManager).ServeHTTP\n\t/go/pkg/mod/github.com/ory/[email protected]/metricsx/middleware.go:207\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/meatballhat/[email protected]/middleware.go:136\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96\ngithub.com/rs/cors.(*Cors).Handler.func1\n\t/go/pkg/mod/github.com/rs/[email protected]/cors.go:207\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1964\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2741\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1847\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1333" writer=JSON
time="2019-03-11T14:15:13Z" level=info msg="completed handling request" measure#oathkeeper-proxy.latency=9067300 method=GET remote="172.22.0.1:36742" request=/api/dummies status=403 text_status=Forbidden took=9.0673ms

Sending request with Postman App,
{ "error": { "code": 403, "status": "Forbidden", "message": "Access credentials are not sufficient to access this resource" } }

Does anyone have any idea why this is happening? All configurations are correct (based on the latest full stack example) and the error message does not provide a clear motive.

Thanks 👍

@aeneasr
Member

aeneasr commented Mar 14, 2019

What does Keto show in the logs?

@aeneasr
Member

aeneasr commented Apr 5, 2019

Closing because stale.

@aeneasr aeneasr closed this as completed Apr 5, 2019
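
Answering the maintainer's question means matching the Keto log against the exact denial Oathkeeper recorded. The following is an added example, not code from the issue or from the ORY project: it splits a run-together logrus paste like the one in the report into entries and extracts the timestamp, handler and URL of each authorizer denial. The sample input is constructed and abridged from the issue's API log, and the function names are hypothetical.

```python
import re

# One logfmt pair: key=value; value is bare or a double-quoted string with \-escapes.
PAIR = re.compile(r'([^\s=]+)=("(?:\\.|[^"\\])*"|\S*)')
ESCAPES = {"n": "\n", "t": "\t"}

def split_entries(blob):
    """Split a paste where entries ran together; assumes every entry starts with a time= field."""
    return [e for e in re.split(r'\s+(?=time=")', blob.strip()) if e]

def parse_logfmt(entry):
    """Turn one logrus text-format entry into a dict of field -> value."""
    fields = {}
    for key, raw in PAIR.findall(entry):
        if raw.startswith('"'):
            # Strip the quotes and decode \n, \t, \" and \\ inside the value.
            raw = re.sub(r"\\(.)", lambda m: ESCAPES.get(m.group(1), m.group(1)), raw[1:-1])
        fields[key] = raw
    return fields

def authz_denials(blob):
    """Return (time, handler, access_url) for each denial raised by an authorizer."""
    hits = []
    for f in map(parse_logfmt, split_entries(blob)):
        if f.get("granted") == "false" and "authorization_handler" in f:
            hits.append((f.get("time"), f["authorization_handler"], f.get("access_url")))
    return hits

# Constructed sample: three entries abridged from the issue's API log, stack trace shortened.
SAMPLE = (
    'time="2019-03-11T14:14:33Z" level=info msg="started handling request" '
    'method=GET remote="172.22.0.1:36978" request=/judge/api/dummies '
    'time="2019-03-11T14:14:33Z" level=warning '
    'msg="The authorization handler encountered an error" '
    'access_url="http://localhost:4456/api/dummies" '
    'authorization_handler=keto_engine_acp_ory '
    'error="Access credentials are not sufficient to access this resource" '
    'granted=false reason_id=authorization_handler_error '
    'time="2019-03-11T14:14:33Z" level=error '
    'msg="An error occurred while handling a request" '
    'code=403 reason= request-id= status=Forbidden '
    'trace="Stack trace: \\nproxy.Authorize" writer=JSON'
)

if __name__ == "__main__":
    for when, handler, url in authz_denials(SAMPLE):
        print(f"{when} {handler} denied {url}: look up this timestamp in the Keto log")
```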