Expose match rules as HATEOAS

Hey there!

This is a random question.

Is there any simple way to expose another API into Ory Oathkeeper? We are using Oathkeeper behind our component that handles HATEOAS services and it’s pain register every match url from rules into our component.

I was thinking to add a new route into Oathkeeper to return matches URLs as HATEOAS format. If you think it makes sense, I could open a PR to you.

Could you go a bit into an example of HATEOAS use and why it’s difficult to implement as rules in Oathkeeper?

We are exposing Oathkeeper behind our security component that encrypt routes - for every request, it’s created a session and available resources are encrypted for that session.

The main idea of our security component is to call the root entry point that you set and retrieve all resources available for that resource.

In our case, we are setting root entry point to ory oathkeeper proxy but we can’t retrieve every “route” available so we need to set every single url match into our security component - for now, it’s not a problem because we have just a few rules.

I was about to create an external API that was going to respond on / and do a kind of parse into /rules to respond it in hateoas format but it could be nice have something native in oathkeeper instead of you need to create an external API and need to add a new rule to bypass authenticator, authorizer and mutators just to get list of “resources” available.

Basically, I would like to handle a “match url” from oathekeeper rules as a resource. My idea is to expose something extra in case of other persons face the same point that we are but I’m not sure if makes sense to expose this kind of route to solve a problem that probably is not a “real problem”.

Do you think makes sense to have something like that in Oathkeeper in scenarios that you can not expose nothing directly?

Thank you for the explanation. It’s still a bit abstract for me to understand so I think the best would probably be to do a proposal around what you’d like to change and how. That way I think it will become much clearer to me and easier to judge if it makes sense to add or not :slight_smile: