- id: "ory:kratos:public" upstream: preserve_host: true url: "http://kratos:4433" strip_path: /.ory/kratos/public match: url: "http://oathkeeper:4455/.ory/kratos/public/<**>" methods: - GET - POST - PUT - DELETE - PATCH authenticators: - handler: noop authorizer: handler: allow mutators: - handler: noop # - handler: hydrator # config: # api: # url: http://dashboard:3000/api/hydrator # - handler: cookie # config: # cookies: # user: "{{ print .Subject }}" # some-arbitrary-data: "{{ print .Extra.foo }}" - id: "dashboard:anonymous" upstream: preserve_host: true url: "http://dashboard:3000" match: url: "http://oathkeeper:4455/<{_next/*,auth/*,recovery,verify,error}{/,}>" methods: - GET authenticators: - handler: anonymous authorizer: handler: allow mutators: - handler: noop - id: "dashboard:protected" upstream: preserve_host: true url: "http://dashboard:3000" match: url: "http://oathkeeper:4455/<{,api/*,settings,uploads,downloads,payments}>" methods: - GET authenticators: - handler: cookie_session authorizer: handler: allow mutators: - handler: id_token - handler: header config: headers: X-User: "{{ print .Subject }}" errors: - handler: redirect config: to: http://127.0.0.1/auth/login - id: "accounts" upstream: preserve_host: true url: "http://accounts:3000" match: url: "http://oathkeeper<{,:4455}>/<{user,user/**,login,logout}>" methods: - GET - POST authenticators: - handler: cookie_session authorizer: handler: allow mutators: - handler: id_token errors: - handler: redirect config: to: http://127.0.0.1/auth/login