-
Notifications
You must be signed in to change notification settings - Fork 360
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Homogenize configuration management (#258)
- Loading branch information
Showing
82 changed files
with
2,643 additions
and
1,497 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.anonymous.schema.json", | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "title": "Anonymous Authenticator Configuration", | ||
| "description": "This section is optional when the authenticator is disabled.", | ||
| "properties": { | ||
| "subject": { | ||
| "type": "string", | ||
| "title": "Anonymous Subject", | ||
| "examples": [ | ||
| "guest", | ||
| "anon", | ||
| "anonymous", | ||
| "unknown" | ||
| ], | ||
| "default": "anonymous", | ||
| "description": "Sets the anonymous username." | ||
| } | ||
| }, | ||
| "additionalProperties": false | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| { | ||
| "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.cookie_session.schema.json", | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "title": "Cookie Session Authenticator Configuration", | ||
| "description": "This section is optional when the authenticator is disabled.", | ||
| "properties": { | ||
| "check_session_url": { | ||
| "title": "Session Check URL", | ||
| "type": "string", | ||
| "format": "uri", | ||
| "description": "The origin to proxy requests to. If the response is a 200 with body `{ \"subject\": \"...\", \"extra\": {} }`. The request will pass the subject through successfully, otherwise it will be marked as unauthorized.\n\n>If this authenticator is enabled, this value is required.", | ||
| "examples": [ | ||
| "https://session-store-host" | ||
| ] | ||
| }, | ||
| "only": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "additionalItems": false | ||
| }, | ||
| "title": "Only Cookies", | ||
| "description": "A list of possible cookies to look for on incoming requests, and will fallthrough to the next authenticator if none of the passed cookies are set on the request." | ||
| } | ||
| }, | ||
| "required": [ | ||
| "check_session_url" | ||
| ], | ||
| "additionalProperties": false | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| { | ||
| "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.jwt.schema.json", | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "title": "JWT Authenticator Configuration", | ||
| "description": "This section is optional when the authenticator is disabled.", | ||
| "properties": { | ||
| "required_scope": { | ||
| "type": "array", | ||
| "title": "Required Token Scope", | ||
| "description": "An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header did not request that specific scope, the request is denied.", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "target_audience": { | ||
| "title": "Intended Audience", | ||
| "type": "array", | ||
| "description": "An array of audiences that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "trusted_issuers": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "allowed_algorithms": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "jwks_urls": { | ||
| "title": "JSON Web Key URLs", | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "format": "uri" | ||
| }, | ||
| "description": "URLs where ORY Oathkeeper can retrieve JSON Web Keys from for validating the JSON Web Token. Usually something like \"https://my-keys.com/.well-known/jwks.json\". The response of that endpoint must return a JSON Web Key Set (JWKS).\n\n>If this authenticator is enabled, this value is required.", | ||
| "examples": [ | ||
| "https://my-website.com/.well-known/jwks.json", | ||
| "https://my-other-website.com/.well-known/jwks.json", | ||
| "file://path/to/local/jwks.json" | ||
| ] | ||
| }, | ||
| "scope_strategy": { | ||
| "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/scope_strategy.schema.json#" | ||
| } | ||
| }, | ||
| "additionalProperties": false | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| { | ||
| "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.noop.schema.json", | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "title": "NoOp Authenticator Configuration", | ||
| "description": "This section is optional when the authenticator is disabled.", | ||
| "properties": { | ||
| }, | ||
| "additionalProperties": false | ||
| } |
27 changes: 27 additions & 0 deletions
27
.schemas/authenticators.oauth2_client_credentials.schema.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| { | ||
| "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.oauth2_client_credentials.schema.json", | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "title": "OAuth 2.0 Client Credentials Authenticator Configuration", | ||
| "description": "This section is optional when the authenticator is disabled.", | ||
| "properties": { | ||
| "token_url": { | ||
| "type": "string", | ||
| "description": "The OAuth 2.0 Token Endpoint that will be used to validate the client credentials.\n\n>If this authenticator is enabled, this value is required.", | ||
| "format": "uri", | ||
| "examples": [ | ||
| "https://my-website.com/oauth2/token" | ||
| ] | ||
| }, | ||
| "required_scope": { | ||
| "type": "array", | ||
| "title": "Request Permissions (Token Scope)", | ||
| "description": "Scopes is an array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this rule.\n If the token used in the Authorization header did not request that specific scope, the request is denied.", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| }, | ||
| "required": ["token_url"], | ||
| "additionalProperties": false | ||
| } |
110 changes: 110 additions & 0 deletions
110
.schemas/authenticators.oauth2_introspection.schema.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| { | ||
| "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.oauth2_introspection.schema.json", | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "title": "OAuth 2.0 Introspection Authenticator Configuration", | ||
| "description": "This section is optional when the authenticator is disabled.", | ||
| "properties": { | ||
| "introspection_url": { | ||
| "type": "string", | ||
| "format": "uri", | ||
| "examples": [ | ||
| "https://my-website.com/oauth2/introspection" | ||
| ], | ||
| "title": "OAuth 2.0 Introspection URL", | ||
| "description": "The OAuth 2.0 Token Introspection endpoint URL.\n\n>If this authenticator is enabled, this value is required." | ||
| }, | ||
| "scope_strategy": { | ||
| "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/scope_strategy.schema.json#" | ||
| }, | ||
| "pre_authorization": { | ||
| "title": "Pre-Authorization", | ||
| "description": "Enable pre-authorization in cases where the OAuth 2.0 Token Introspection endpoint is protected by OAuth 2.0 Bearer Tokens that can be retrieved using the OAuth 2.0 Client Credentials grant.", | ||
| "oneOf": [ | ||
| { | ||
| "type": "object", | ||
| "properties": { | ||
| "enabled": { | ||
| "title": "Enabled", | ||
| "const": false, | ||
| "default": false | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "type": "object", | ||
| "additionalProperties": false, | ||
| "required": [ | ||
| "client_id", | ||
| "client_secret", | ||
| "token_url" | ||
| ], | ||
| "properties": { | ||
| "enabled": { | ||
| "title": "Enabled", | ||
| "const": true, | ||
| "default": false | ||
| }, | ||
| "client_id": { | ||
| "type": "string", | ||
| "title": "OAuth 2.0 Client ID", | ||
| "description": "The OAuth 2.0 Client ID to be used for the OAuth 2.0 Client Credentials Grant.\n\n>If pre-authorization is enabled, this value is required." | ||
| }, | ||
| "client_secret": { | ||
| "type": "string", | ||
| "title": "OAuth 2.0 Client Secret", | ||
| "description": "The OAuth 2.0 Client Secret to be used for the OAuth 2.0 Client Credentials Grant.\n\n>If pre-authorization is enabled, this value is required." | ||
| }, | ||
| "token_url": { | ||
| "type": "string", | ||
| "format": "uri", | ||
| "title": "OAuth 2.0 Token URL", | ||
| "description": "The OAuth 2.0 Token Endpoint where the OAuth 2.0 Client Credentials Grant will be performed.\n\n>If pre-authorization is enabled, this value is required." | ||
| }, | ||
| "scope": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| }, | ||
| "title": "OAuth 2.0 Scope", | ||
| "description": "The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.", | ||
| "examples": [ | ||
| [ | ||
| "[\"foo\", \"bar\"]" | ||
| ] | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| }, | ||
| "required_scope": { | ||
| "title": "Required Scope", | ||
| "description": "An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header did not request that specific scope, the request is denied.", | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "target_audience": { | ||
| "title": "Target Audience", | ||
| "description": "An array of audiences that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.", | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "trusted_issuers": { | ||
| "title": "Trusted Issuers", | ||
| "description": "The token must have been issued by one of the issuers listed in this array.", | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| }, | ||
| "required": [ | ||
| "introspection_url" | ||
| ], | ||
| "additionalProperties": false | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| { | ||
| "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.unauthorized.schema.json", | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "title": "Unauthorized Authenticator Configuration", | ||
| "description": "This section is optional when the authenticator is disabled.", | ||
| "properties": { | ||
| }, | ||
| "additionalProperties": false | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| { | ||
| "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authorizers.allow.schema.json", | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "title": "Allow Authorizer Configuration", | ||
| "description": "This section is optional when the authorizer is disabled.", | ||
| "properties": { | ||
| }, | ||
| "additionalProperties": false | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| { | ||
| "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authorizers.deny.schema.json", | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "title": "Deny Authorizer Configuration", | ||
| "description": "This section is optional when the authorizer is disabled.", | ||
| "properties": { | ||
| }, | ||
| "additionalProperties": false | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authorizers.keto_engine_acp_ory.schema.json", | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "type": "object", | ||
| "title": "ORY Keto Access Control Policy Authorizer Configuration", | ||
| "description": "This section is optional when the authorizer is disabled.", | ||
| "properties": { | ||
| "base_url": { | ||
| "title": "Base URL", | ||
| "type": "string", | ||
| "format": "uri", | ||
| "description": "The base URL of ORY Keto.\n\n>If this authorizer is enabled, this value is required.", | ||
| "examples": [ | ||
| "http://my-keto/" | ||
| ] | ||
| }, | ||
| "required_action": { | ||
| "type": "string" | ||
| }, | ||
| "required_resource": { | ||
| "type": "string" | ||
| }, | ||
| "subject": { | ||
| "type": "string" | ||
| }, | ||
| "flavor": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "base_url", | ||
| "required_action", | ||
| "required_resource" | ||
| ], | ||
| "additionalProperties": false | ||
| } |
Oops, something went wrong.