Anders Eknert
Anders Eknert
Most clients (including curl) will change the subsequent request following a 301/302 response to a GET, and that's why the body is dropped. The use of `-X POST` in the...
I hear you, @patrick-east - I used to work on an identity server some years back and we had both the some problem and the same concerns about changing redirect...
@patrick-east is there a v2 API in the plans or is that hypothetical? :) We had another developer bitten by this yesterday. With `default allow = false` kind of rules...
Thanks @patrick-east 👍 Agreed completely on making it more visible and obvious in docs and logs should the current behavior be kept as is.
I do somewhere, don't I? Can't find it now though 😅 But basically, `any`/`every` is replaced by the `in` and `every` keywords, which provide the additional benefit of being able...
No one suggested otherwise :) What's relevant for impact is the number of policies in the wild that make use of those functions, and I just added that I doubt...
The question is if whether we want this to be the _only_ option. Perhaps for the first iteration, but it seems we'd probably want to support using this library without...
Exactly - this library should not depend on OAuth2. My concern was around this: > We should assume JWT token as input
Would it make sense to forward the whole HTTP request "as-is" (as much as that is possible) as an option to provide OPA with all data available there?
The reason to filter out attributes from the original request would be to keep the payload size low? I'm not sure I find the special treatment of JWTs necessary -...