Is Oathkeeper meant to be a proxy between services as well as authorizing end users?

Am I correct in thinking that, since Oathkeeper is for both edge routing / auth and service to service routing / auth that most of my application requests should be directed at Oathkeeper now?

For example, I’m using Docker Compose and have Oathkeeper’s container name set to ok.test, so now instead of having service-one make a request to service-two, I would update it to make a request to service-two.ok.test and have Oathkeeper’s upstream URL for that route set to service-one?

Also, I understand HashiCorp Consul has service to service ACLs. Is Oathkeeper comparable to that, but also able to be used for end user auth?

Yes, you can use it like that. We’re also planning to integrate it more into services meshes such as Linkerd, Istio.

1 Like