log: level: debug format: json serve: proxy: cors: enabled: true allowed_origins: - "*" allowed_methods: - POST - GET - PUT - PATCH - DELETE allowed_headers: - Authorization - Content-Type exposed_headers: - Content-Type allow_credentials: true debug: true errors: fallback: - json handlers: redirect: enabled: true config: to: http://127.0.0.1/auth/login when: - error: - unauthorized - forbidden request: header: accept: - text/html json: enabled: true config: verbose: true access_rules: matching_strategy: glob repositories: - file:///etc/config/oathkeeper/access-rules.yml authenticators: anonymous: enabled: true config: subject: guest cookie_session: enabled: true config: check_session_url: http://kratos:4433/sessions/whoami preserve_path: true extra_from: "@this" subject_from: "identity.id" only: - ory_kratos_session noop: enabled: true authorizers: allow: enabled: true mutators: noop: enabled: true # hydrator: # enabled: true # config: # api: # url: http://dashboard:3000/api/hydrator # cookie: # enabled: true # config: # cookies: # user: "{{ print .Subject }}", # some-arbitrary-data: "{{ print .Extra.foo }}" id_token: enabled: true config: issuer_url: http://oathkeeper:4455/ jwks_url: file:///etc/config/oathkeeper/id_token.jwks.json ttl: 4h claims: | { "session": {{ .Extra | toJson }} }