Convert OAuth access tokens into JWTs with Oathkeeper

Hi all :wave:

I’ve been experimenting with the ORY stack for some time to assess its suitability for an upcoming project in my organization.

While diving into hydra, I encountered one point which confused me:

In the docs for hydra, it is stated under the fifth point of the “JSON Web Tokens” section in the advanced topics that ‘[ORY Oathkeeper] will “convert” ORY Hydra’s opaque Access Tokens into JSON Web Tokens for your backend services. […]’.

I want that. Badly.
Unfortunately, I failed miserably in trying to comprehend where Oathkeeper is supposed to do this.
While skimming Oathkeeper’s REST API, I didn’t find an answer that seemed obvious to me.
Is it part of the “oauth2_introspection” authenticator?
Or am I missing something entirely?

Any guidance on how this process - Oathkeeper converting opaque OAuth access tokens into JWTs - works is highly appreciated! :sweat_smile:

tl;dr: How does Oathkeeper convert opaque OAuth access tokens into JWTs?

You need to use Oathkeeper Mutators to convert the introspected data from the token into a JWT for your underlying services.

See: https://www.ory.sh/docs/oathkeeper/pipeline/mutator

1 Like
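An added configuration example (not part of the original posts and not the ORY project's own sample) showing the pipeline described in the answer above: the `oauth2_introspection` authenticator validates the opaque token against Hydra, and the `id_token` mutator then issues a short-lived signed JWT to the upstream service. All hostnames, file paths, the rule id, the scope name and the `client_id` claim are assumptions chosen for illustration.

```yaml
# ---- oathkeeper.yml (global config): enable both handlers ----
authenticators:
  oauth2_introspection:
    enabled: true
    config:
      # Hydra's admin introspection endpoint (assumed host/port); never expose it publicly
      introspection_url: http://hydra.example.internal:4445/oauth2/introspect

mutators:
  id_token:
    enabled: true
    config:
      # Becomes the "iss" claim that backends should pin
      issuer_url: https://oathkeeper.example.internal/
      # Private signing keys (assumed path); readable by Oathkeeper only
      jwks_url: file:///etc/secrets/oathkeeper/jwks.json
      # Keep the JWT lifetime short: it cannot be revoked like the opaque token
      ttl: 60s

access_rules:
  repositories:
    - file:///etc/config/oathkeeper/rules.yml
---
# ---- rules.yml (access rules): opaque token in, JWT out ----
- id: orders-opaque-to-jwt            # hypothetical rule id
  match:
    url: https://api.example.com/orders/<.*>
    methods: [GET, POST]
  upstream:
    url: http://orders.example.internal:8080
  authenticators:
    # Step 1: introspect the opaque access token at Hydra
    - handler: oauth2_introspection
      config:
        required_scope: [orders.read]   # assumed scope name
  authorizer:
    handler: allow
  mutators:
    # Step 2: replace the Authorization header with a signed JWT
    - handler: id_token
      config:
        # Which fields exist under .Extra depends on the introspection
        # response; client_id is an assumption here
        claims: '{"client_id": "{{ print .Extra.client_id }}"}'
```

The backend should verify the JWT signature against the public keys Oathkeeper serves at `/.well-known/jwks.json` on its API port, and check `iss` and `exp`, rather than trusting the header because it arrived from the proxy.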

Thanks, right on point!

Can’t believe I missed that :roll_eyes: