Skip to content

Multiple oauth2_introspection authenticators for same access rule #809

Answered by Demonsthere
PeteMac88 asked this question in Q&A
Discussion options

You must be logged in to vote

Hello there!
You may have missed this part of the docs:

If handler a is able to handle the provided credentials, then handler b and c will be ignored. If handler a can not handle the provided credentials but handler b can, then handler a and c will be ignored. Handling the provided credentials means that the authenticator knows how to handle, for example, the Authorization: basic header. It does not mean that the credentials are valid! If a handler encounters invalid credentials, then other handlers will be ignored too.

In your case I think you would need to have different configs for both introspections, so oathkeeper can pick the correct one to use.

Replies: 1 comment 1 reply

Comment options

You must be logged in to vote
1 reply
@vinckr
Comment options

Answer selected by vinckr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
3 participants