Oathkeeper proxy behind an API Gateway


Hello, I am trying to setup an API Gateway behind hydra/keto/oathkeeper services. I am in a node environment so I decided to use express-gateway as the API gateway of choice. The problem I am facing is that when I submit oathkeeper (via API gateway) invalid or expired tokens, it gives me back the right error with the right error message, but when I try to submit a valid token the only thing I got back is a 502 Bad Gateway response. What is the culprit? Thank you for your time

— Edit:

I notice that if I put the resource-server inside the docker compose where hydra\keto\oathkeeper is defined, all work out pretty well, but when I use a resource server that is not defined in the docker-compose file, it fails. Resource server is localhost:4478 but apparently oathkeeper cannot proxy to it when a successful request asks for an OpenID Token. Notice that hydra is set up to use a consent app that is outside of the docker environment. This consent app is also on localhost (port 6500) and it works like a charm. So the question is: How come oathkeeper can’t communicate to localhost when proxying out?