Add mutator for modifying authenticationSession with external API

[kubadz]

Related issue

#228
@aeneasr @piotrmsc

Proposed changes

As stated in the linked issue - this PR adds a mutator which make an upstream call to an API with AuthenticationSession as payload and expect AuthenticationSession as a response.

Checklist

• I have read the contributing guidelines
• I have read the security policy
• I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security
  vulnerability, I confirm that I got green light (please contact [email protected]) from the maintainers to push the changes.
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation within the code base (if appropriate)
• I have documented my changes in the developer guide (if appropriate)

Further comments

[aeneasr]

sorry - I squash-merged the other PR causing some merge conflicts

[kubadz]

sorry - I squash-merged the other PR causing some merge conflicts

No problem :) fortunately, there are not many conflicts

[aeneasr]

This looks great!! All that's left is adding docs here: https://github.com/ory/docs/blob/master/docs/oathkeeper/pipeline/mutator.md :)

[aeneasr]

This would probably be authorization right? Because we're modifying HTTP Authorization?

[kubadz]

Sure, we are modifying HTTP Authorization header, but it is a header used for authentication. And the config is actually specifying Authentication scheme and credentials. But if this argumentation doesn't convince you and you prefer it to be Authorization I will not argue to change that 😄

[aeneasr]

We could also just change it to auth, then it implies both 😅

[kubadz]

Ok, changed it. Let me know what you think about it now 😄
I will adjust documentation in a second

[aeneasr]

Wohoooo!