Local development against a deployed Oathkeeper #1127
Replies: 1 comment
-
Hello @disambiguationuk When developing locally, Ory APIs must be exposed on the same domain as your application to avoid issues with third-party cookies. This is why you're seeing the Ory session tokens as a cookie scoped against the localhost domain. The Ory Tunnel is a development tool that allows you to expose the Ory APIs on your localhost domain. However, it's important to note that the Ory Tunnel should not be used in a production environment due to rate limiting and other issues [source]. |
Beta Was this translation helpful? Give feedback.
-
We're running Oathkeeper within our dev environment to provide an ingress and auth for a number of secure endpoints. While developing our frontend locally using ory tunnel --dev we have Ory session tokens as a cookie however the cookie is scoped against the
localhost
domain so it won't get sent to our backend.It feels like it should be a really simple case but I can't find any guidance on how we would develop against the deployed backend. I've tried using
--cookie-domain
with ory tunnel to set it to the subdomain Oathkeeper is on but then the ory api won't validate it. Any guidance on how we can progress on this would be much appreciated.Beta Was this translation helpful? Give feedback.
All reactions