Oathkeeper proxy behind an API Gateway


Hello, I am trying to set up an API Gateway behind hydra/keto/oathkeeper services. I am in a node environment so I decided to use express-gateway as the API gateway of choice. The problem I am facing is that when I submit invalid or expired tokens to oathkeeper (via the API gateway), it gives me back the right error with the right error message, but when I try to submit a valid token the only thing I get back is a 502 Bad Gateway response. What is the culprit? Thank you for your time.

— Edit:

I noticed that if I put the resource server inside the docker-compose file where hydra/keto/oathkeeper is defined, it all works out pretty well, but when I use a resource server that is not defined in the docker-compose file, it fails. The resource server is localhost:4478, but apparently oathkeeper cannot proxy to it when a successful request asks for an OpenID Token. Notice that hydra is set up to use a consent app that is outside of the docker environment. This consent app is also on localhost (port 6500) and it works like a charm. So the question is: how come oathkeeper can’t communicate with localhost when proxying out?



Hi xD
I had the same issue. I fixed it using Ngrok (https://ngrok.com/download). Install it and run the following command “./ngrok http PORT”, where PORT represents the port on which your app is running on localhost. For instance, if your app is running on http://localhost:5000, then you must run “./ngrok http 5000”.

Don’t forget to paste the ngrok URL provided by that command into the configurator in the docker-compose.yml file. For instance, you must declare the environment variable with that URL (-RESOURCE_SERVER_URL=http://23541549.ngrok.io) in the configurator environment.

Hope that helps!