Currently I am using Keycloak as the IdP to store my user identities (signup will create a user in Keycloak). Now I want to use Oathkeeper (jwt authenticator) and Keto for auth & authz, but the JWT returned from Keycloak contains a sub with a UUID value and a preferred_username whose value is my user’s username, so how can I make Oathkeeper validate that JWT and Keto extract the username in the JWT as a sub to perform ACP rules?
Btw, does Kratos work with Keto now, or do we need to wait for a future release?