skynet-webportal/docker/kratos/oathkeeper/oathkeeper.yml

log:
  level: debug
  format: json

serve:
  proxy:
    cors:
      enabled: true
      allowed_origins:
        - "*"
      allowed_methods:
        - POST
        - GET
        - PUT
        - PATCH
        - DELETE
      allowed_headers:
        - Authorization
        - Content-Type
      exposed_headers:
        - Content-Type
      allow_credentials: true
      debug: true

errors:
  fallback:
    - json

  handlers:
    redirect:
      enabled: true
      config:
        to: http://127.0.0.1/auth/login
        when:
          - error:
              - unauthorized
              - forbidden
            request:
              header:
                accept:
                  - text/html
    json:
      enabled: true
      config:
        verbose: true

access_rules:
  matching_strategy: glob
  repositories:
    - file:///etc/config/oathkeeper/access-rules.yml

authenticators:
  anonymous:
    enabled: true
    config:
      subject: guest

  cookie_session:
    enabled: true
    config:
      check_session_url: http://kratos:4433/sessions/whoami
      preserve_path: true
      extra_from: "@this"
      subject_from: "identity.id"
      only:
        - ory_kratos_session

  noop:
    enabled: true

authorizers:
  allow:
    enabled: true

mutators:
  noop:
    enabled: true

  hydrator:
    enabled: true

  id_token:
    enabled: true
    config:
      issuer_url: http://oathkeeper:4455/
      jwks_url: file:///etc/config/oathkeeper/id_token.jwks.json
      claims: |
        {
          "session": {{ .Extra | toJson }}
        }
Add Oathkeeper (broken SSL on login) 2020-12-09 12:50:17 +00:00			`log:`
			`level: debug`
			`format: json`

			`serve:`
			`proxy:`
			`cors:`
			`enabled: true`
			`allowed_origins:`
			`- "*"`
			`allowed_methods:`
			`- POST`
			`- GET`
			`- PUT`
			`- PATCH`
			`- DELETE`
			`allowed_headers:`
			`- Authorization`
			`- Content-Type`
			`exposed_headers:`
			`- Content-Type`
			`allow_credentials: true`
			`debug: true`

			`errors:`
			`fallback:`
			`- json`

			`handlers:`
			`redirect:`
			`enabled: true`
			`config:`
use secure subdomain 2020-12-16 12:08:51 +00:00			`to: http://127.0.0.1/auth/login`
Add Oathkeeper (broken SSL on login) 2020-12-09 12:50:17 +00:00			`when:`
try proxy redirect 2020-12-15 17:00:10 +00:00			`- error:`
Add Oathkeeper (broken SSL on login) 2020-12-09 12:50:17 +00:00			`- unauthorized`
			`- forbidden`
			`request:`
			`header:`
			`accept:`
			`- text/html`
			`json:`
			`enabled: true`
			`config:`
			`verbose: true`

			`access_rules:`
			`matching_strategy: glob`
			`repositories:`
			`- file:///etc/config/oathkeeper/access-rules.yml`

			`authenticators:`
			`anonymous:`
			`enabled: true`
			`config:`
			`subject: guest`

			`cookie_session:`
			`enabled: true`
			`config:`
			`check_session_url: http://kratos:4433/sessions/whoami`
			`preserve_path: true`
			`extra_from: "@this"`
			`subject_from: "identity.id"`
			`only:`
			`- ory_kratos_session`

			`noop:`
			`enabled: true`

			`authorizers:`
			`allow:`
			`enabled: true`

			`mutators:`
			`noop:`
			`enabled: true`

enable hydrator 2021-02-09 10:43:23 +00:00			`hydrator:`
			`enabled: true`

Add Oathkeeper (broken SSL on login) 2020-12-09 12:50:17 +00:00			`id_token:`
			`enabled: true`
			`config:`
try proxy redirect 2020-12-15 17:00:10 +00:00			`issuer_url: http://oathkeeper:4455/`
Add Oathkeeper (broken SSL on login) 2020-12-09 12:50:17 +00:00			`jwks_url: file:///etc/config/oathkeeper/id_token.jwks.json`
			`claims: \|`
			`{`
			`"session": {{ .Extra \| toJson }}`
			`}`