
docs: Oathkeeper + Kratos + Keto guide

Open gen1us2k opened this issue 3 years ago • 0 comments

From February Slack harvest.

Hello guys, I am trying to set up authentication and authorization using Ory in my infrastructure. Actually, I have both Kratos and Keto correctly installed and configured; I want to add Oathkeeper in the following scenario: an API gateway implemented through GraphQL federation and a set of microservices implementing partial graphs. The request can't be authorized (with Keto) by Oathkeeper as a reverse proxy based on the URL, since it is based on the result of the query resolution process. I found two solutions, but I don't know which one fits well with Oathkeeper "best practice":

1. Use Oathkeeper only for authentication as a reverse proxy, and then inside each microservice query Keto to authorize the operation.
2. Use Oathkeeper for both authentication and authorization as a decision engine, generating a fake URL for each query resolution. Therefore, each microservice (so after the resolution of a query) will make a request to Oathkeeper in order to authorize the request.

gen1us2k, Feb 28 '22 19:02