Hi, I am new to ORY stack and just had a look at the Fullstack example on Github.
When seeing these configurations in the docker-compose file for Oathkeeper:
- AUTHORIZER_KETO_URL=http://keto:4466
- AUTHENTICATOR_OAUTH2_INTROSPECTION_URL=http://hydra:4445/oauth2/introspect
- AUTHENTICATOR_OAUTH2_CLIENT_CREDENTIALS_TOKEN_URL=http://hydra:4444/oauth2/token
I expect this is the way it should be:
- A request (attached with an access token) coming to Oathkeeper which acts as an API Gateway.
- Oathkeeper asks Hydra if the attached token is valid, whether or not it is blacklisted (not expired, but the user has logged out), etc.
- Then Oathkeeper asks Keto if the user with this token is allowed to perform the action.
- Finally the request hits the Resource service. The Resource service doesn't need to make lookup calls to either Hydra or Keto.
What I actually see in the resource server source code:
- introspect.js: Manually calls Hydra.
- keto.js: Manually calls Keto.
- oathkeeper.js: Manually calls Oathkeeper.
My question is: Do Hydra, Oathkeeper and Keto work together automatically (with some configuration, of course) without requiring the Resource service to implement manual calls like that? (Except in edge cases; I mean the normal case, like the one in the fullstack example.) And if yes, how can I achieve that?
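The pipeline the question describes (introspect with Hydra, authorize with Keto, then forward to the upstream) is what an Oathkeeper access rule wires together. Below is an added example rule, not code from the ORY fullstack example; it assumes a recent Oathkeeper rule schema (handler names and template syntax differ in the older version the env vars above belong to), an upstream reachable as `http://resource-server:3000`, and that the Hydra introspection URL and Keto base URL are already set in Oathkeeper's own configuration, as the env vars above do.

```json
[
  {
    "id": "resource-api:read",
    "upstream": {
      "url": "http://resource-server:3000",
      "preserve_host": true
    },
    "match": {
      "url": "http://oathkeeper:4455/api/resources/<.*>",
      "methods": ["GET"]
    },
    "authenticators": [
      {
        "handler": "oauth2_introspection",
        "config": {
          "required_scope": ["resources.read"]
        }
      }
    ],
    "authorizer": {
      "handler": "keto_engine_acp_ory",
      "config": {
        "flavor": "exact",
        "required_action": "read",
        "required_resource": "resources:{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"
      }
    },
    "mutators": [
      {
        "handler": "header",
        "config": {
          "headers": {
            "X-User": "{{ print .Subject }}"
          }
        }
      }
    ],
    "errors": [
      { "handler": "json" }
    ]
  }
]
```

With a rule like this, a request that fails introspection is rejected with 401 and one that Keto denies with 403 before the upstream is ever reached; the resource server only has to trust the subject header Oathkeeper adds, which is why it should accept traffic from Oathkeeper alone and not be exposed directly.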