ory / oathkeeper

A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.

https://www.ory.sh/?utm_source=github&utm_medium=banner&utm_campaign=hydra

Docs wrong for `bearer_token` Subject default location

logan-hcg opened this issue 10 months ago · comments

logan-hcg commented 10 months ago

Preflight checklist

I could not find a solution in the existing issues, docs, nor discussions.
I agree to follow this project's Code of Conduct.
I have read and am following this repository's Contribution Guidelines.
I have joined the Ory Community Slack.
I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

The default is sub:

oathkeeper/pipeline/authn/authenticator_bearer_token.go

Line 115 in 4d61221

c.SubjectFrom = "sub"

but documentation shows it it subject:

https://www.ory.sh/docs/oathkeeper/pipeline/authn#bearer_token

Reproducing the bug

Configure bearer_token authenticator
Return status 200 and the body {"subject": "test-subject"}

Subject is empty instead of expected test-subject. Changing the response to {"sub": "test-subject"} returns the proper subject value.

Relevant log output

No response

Relevant configuration

No response

Version

v0.40.6

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

No response