From 62f0fd64818ba37fd42182e9f6d61b86a4d25bfa Mon Sep 17 00:00:00 2001 From: Fred Muya Date: Fri, 5 Sep 2025 19:18:38 +0300 Subject: [PATCH] chore: document Oathkeeper bearer_token prefix config This config is available in the API, but not documented (https://github.com/ory/oathkeeper/blob/master/pipeline/authn/authenticator_bearer_token.go#L36) --- docs/oathkeeper/pipeline/authn.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/oathkeeper/pipeline/authn.md b/docs/oathkeeper/pipeline/authn.md index 36c8429e49..8a21cb708c 100644 --- a/docs/oathkeeper/pipeline/authn.md +++ b/docs/oathkeeper/pipeline/authn.md @@ -364,6 +364,8 @@ note that Gzipped responses from `check_session_url` are not supported, and will It can't be set along with `header` or `query_parameter` - `forward_http_headers` ([]string, optional - defaults ["Authorization", "Cookie"]) - If set, you can specify which headers will be forwarded. +- `prefix` (string, optional) - If the bearer token does not begin with this prefix, the `bearer_token` authenticator will not + handle the request. ```yaml # Global configuration file oathkeeper.yml @@ -422,6 +424,25 @@ authenticators: - X-Forwarded-For ``` +```yaml +# Some Access Rule Handling a Token with a Specified Prefix: access-rule-3.yaml +id: access-rule-2 +# match: ... +# upstream: ... +authenticators: + - handler: bearer_token + config: + check_session_url: https://session-store-host/check-session + token_from: + header: Authorization + # or + # header: Custom-Authorization-Header + # or + # cookie: auth-token + # Will only handle requests with Authorization: bearer custom_token_prefix_xxxxxx + prefix: "custom_token_prefix_" +``` + ### `bearer_token` access rule example ```shell
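Review bot: In the first hunk, the new `prefix` entry says the authenticator "will not handle the request" but omits what someone configuring it needs to know: the default when `prefix` is unset (the neighbouring `forward_http_headers` entry states its default), whether the comparison is made against the token value after the `Bearer` scheme is removed, and whether the prefix is kept in the token that is sent to `check_session_url`. Suggest adding those three points, and stating what "not handle" means for the rest of the rule's `authenticators` list, because a reader may otherwise treat `prefix` as a validation step rather than a selector for which authenticator runs.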
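Review bot: In the second hunk, the header comment names the file `access-rule-3.yaml` while the rule itself is `id: access-rule-2`; the two should agree, and the id should be unique among the examples on the page. The comment `# Will only handle requests with Authorization: bearer custom_token_prefix_xxxxxx` sits directly under the commented `header` / `cookie` alternatives, so it is unclear whether `prefix` also applies when the token is read from a custom header or a cookie; say so explicitly in the comment or in the `prefix` description. The block is also added with no introductory sentence, immediately above the `bearer_token` access rule example heading, so a line of text tying it to the `prefix` option would help.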