Our introspection endpoint is protected with basic authentication.
Is it possible to configure basic authentication for the oauth2_introspection authenticator?
/Daastek
What would you expect that to look like? Would Oathkeeper store the credentials?
Yes, it would be ideal if we could add a client_id and client_secret to the configuration of the oauth2_introspection authenticator.
Every introspection request will get this client_id and secret added as basic auth header.
So there is oauth2_client_credentials, which might do what you’re looking for. If not, happy to explore other options.
oauth2_client_credentials does not work in this case, since the client is sending only the token as a bearer token. It is just that our introspection endpoint has basic auth and there is currently no way to send the credentials from Oathkeeper.
Regarding other options, do you have any suggestions?
Oh, I completely misread your opening post then! Sorry about the confusion! You can configure the introspection handler to handle pre-authorization (sending client_id and client_secret to the introspection endpoint)
authenticators:
  oauth2_introspection:
    enabled: true
    config:
      pre_authorization:
        enabled: true
        client_id: some_id
        client_secret: some_secret
        scope:
          - introspect
        token_url: https://my-website.com/oauth2/token
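
The two requests this configuration implies, as an added sketch that is not part of the thread and not Oathkeeper's own code. It assumes pre_authorization performs a standard OAuth 2.0 client credentials grant against token_url and then presents the resulting access token as a Bearer token to the introspection endpoint; the introspection URL and the token values are constructed placeholders.

```python
import base64
import urllib.parse
import urllib.request

# Values taken from the configuration above.
PRE_AUTH = {
    "client_id": "some_id",
    "client_secret": "some_secret",
    "scope": ["introspect"],
    "token_url": "https://my-website.com/oauth2/token",
}
# Constructed placeholder: the thread does not give the introspection URL.
INTROSPECTION_URL = "https://introspection.example/oauth2/introspect"


def token_request(cfg):
    """Step 1: client credentials grant. The secret is sent only to token_url."""
    creds = "{}:{}".format(
        urllib.parse.quote_plus(cfg["client_id"]),
        urllib.parse.quote_plus(cfg["client_secret"]),
    )
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": " ".join(cfg["scope"])}
    ).encode()
    req = urllib.request.Request(cfg["token_url"], data=body, method="POST")
    req.add_header("Authorization", "Basic " + base64.b64encode(creds.encode()).decode())
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def introspection_request(url, proxy_access_token, client_bearer_token):
    """Step 2: introspect the caller's token, authenticated with the step-1 token."""
    body = urllib.parse.urlencode({"token": client_bearer_token}).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", "Bearer " + proxy_access_token)
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def uses_basic_auth(req):
    """True when the request carries an HTTP Basic Authorization header."""
    return (req.get_header("Authorization") or "").startswith("Basic ")
```

Under that assumption the introspection endpoint itself sees a Bearer token rather than a Basic header, so the endpoint has to accept tokens issued by token_url for this setting to apply.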