fix: add old schemas to resolve issues with old versions
Closes #400
aeneasr committed Apr 6, 2020
1 parent 345233c commit b94c391
Showing 19 changed files with 2,239 additions and 0 deletions.
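--- a/.schemas/README.md
+++ b/.schemas/README.md
@@ -0,0 +1 @@
+Do not edit files in this directory. They are kept for backwards compatibility.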
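--- a/.schemas/authenticators.anonymous.schema.json
+++ b/.schemas/authenticators.anonymous.schema.json
@@ -0,0 +1,22 @@
+{
+"$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.anonymous.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"type": "object",
+"title": "Anonymous Authenticator Configuration",
+"description": "This section is optional when the authenticator is disabled.",
+"properties": {
+"subject": {
+"type": "string",
+"title": "Anonymous Subject",
+"examples": [
+"guest",
+"anon",
+"anonymous",
+"unknown"
+],
+"default": "anonymous",
+"description": "Sets the anonymous username."
+}
+},
+"additionalProperties": false
+}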
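--- a/.schemas/authenticators.cookie_session.schema.json
+++ b/.schemas/authenticators.cookie_session.schema.json
@@ -0,0 +1,36 @@
+{
+"$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.cookie_session.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"type": "object",
+"title": "Cookie Session Authenticator Configuration",
+"description": "This section is optional when the authenticator is disabled.",
+"properties": {
+"check_session_url": {
+"title": "Session Check URL",
+"type": "string",
+"format": "uri",
+"description": "The origin to proxy requests to. If the response is a 200 with body `{ \"subject\": \"...\", \"extra\": {} }`. The request will pass the subject through successfully, otherwise it will be marked as unauthorized.\n\n>If this authenticator is enabled, this value is required.",
+"examples": [
+"https://session-store-host"
+]
+},
+"only": {
+"type": "array",
+"items": {
+"type": "string",
+"additionalItems": false
+},
+"title": "Only Cookies",
+"description": "A list of possible cookies to look for on incoming requests, and will fallthrough to the next authenticator if none of the passed cookies are set on the request."
+},
+"preserve_path": {
+"title": "Preserve Path",
+"type": "boolean",
+"description": "When set to true, any path specified in `check_session_url` will be preserved instead of overwriting the path with the path from the original request"
+}
+},
+"required": [
+"check_session_url"
+],
+"additionalProperties": false
+}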
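Review bot: In `only`, `"additionalItems": false` sits inside the `items` subschema, where it has no effect: in draft-07 the keyword is a sibling of `items` and only applies when `items` is a tuple array, so each entry is constrained by `"type": "string"` alone and the keyword can be dropped. Separately, `check_session_url` is validated only as `"format": "uri"`, so an `http://` endpoint passes validation; since the description says requests are proxied to that origin, it would help to state there that an `https://` URL is expected outside local testing. Because this directory is frozen for backwards compatibility, both points are worth checking against whichever schema copy current versions load, if it shares these lines.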
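--- a/.schemas/authenticators.jwt.schema.json
+++ b/.schemas/authenticators.jwt.schema.json
@@ -0,0 +1,100 @@
+{
+"$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.jwt.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"type": "object",
+"title": "JWT Authenticator Configuration",
+"description": "This section is optional when the authenticator is disabled.",
+"properties": {
+"required_scope": {
+"type": "array",
+"title": "Required Token Scope",
+"description": "An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header did not request that specific scope, the request is denied.",
+"items": {
+"type": "string"
+}
+},
+"target_audience": {
+"title": "Intended Audience",
+"type": "array",
+"description": "An array of audiences that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.",
+"items": {
+"type": "string"
+}
+},
+"trusted_issuers": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"allowed_algorithms": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"jwks_urls": {
+"title": "JSON Web Key URLs",
+"type": "array",
+"items": {
+"type": "string",
+"format": "uri"
+},
+"description": "URLs where ORY Oathkeeper can retrieve JSON Web Keys from for validating the JSON Web Token. Usually something like \"https://my-keys.com/.well-known/jwks.json\". The response of that endpoint must return a JSON Web Key Set (JWKS).\n\n>If this authenticator is enabled, this value is required.",
+"examples": [
+"https://my-website.com/.well-known/jwks.json",
+"https://my-other-website.com/.well-known/jwks.json",
+"file://path/to/local/jwks.json"
+]
+},
+"scope_strategy": {
+"$ref": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/scope_strategy.schema.json#"
+},
+"token_from": {
+"title": "Token From",
+"description": "The location of the token.\n If not configured, the token will be received from a default location - 'Authorization' header.\n One and only one location (header, query, or cookie) must be specified.",
+"oneOf": [
+{
+"type": "object",
+"required": [
+"header"
+],
+"properties": {
+"header": {
+"title": "Header",
+"type": "string",
+"description": "The header (case insensitive) that must contain a token for request authentication. It can't be set along with query_parameter or cookie."
+}
+}
+},
+{
+"type": "object",
+"required": [
+"query_parameter"
+],
+"properties": {
+"query_parameter": {
+"title": "Query Parameter",
+"type": "string",
+"description": "The query parameter (case sensitive) that must contain a token for request authentication. It can't be set along with header or cookie."
+}
+}
+},
+{
+"type": "object",
+"required": [
+"cookie"
+],
+"properties": {
+"cookie": {
+"title": "Cookie",
+"type": "string",
+"description": "The cookie (case sensitive) that must contain a token for request authentication. It can't be set along with header or query_parameter."
+}
+}
+}
+]
+}
+},
+"additionalProperties": false
+}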
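Review bot: `jwks_urls` is described as required when the authenticator is enabled, but this schema has no `required` array, unlike `authenticators.cookie_session.schema.json` (`check_session_url`) and `authenticators.oauth2_introspection.schema.json` (`introspection_url`) in the same commit, so a JWT configuration with no key source passes validation. If that is deliberate for these frozen copies it deserves a sentence in the description; otherwise `"required": ["jwks_urls"]` next to `"additionalProperties": false` would match the other two files. `allowed_algorithms` and `trusted_issuers` carry no `title` or `description`, and `allowed_algorithms` accepts any string, so the schema gives no protection against a mistyped or unintended algorithm name and the restriction rests entirely on the runtime; a description stating which signature algorithms are accepted and what happens when the list is empty would close that gap. In the examples, `file://path/to/local/jwks.json` parses `path` as the URI host; a local absolute path is written `file:///path/to/local/jwks.json`.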
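--- a/.schemas/authenticators.noop.schema.json
+++ b/.schemas/authenticators.noop.schema.json
@@ -0,0 +1,10 @@
+{
+"$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.noop.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"type": "object",
+"title": "NoOp Authenticator Configuration",
+"description": "This section is optional when the authenticator is disabled.",
+"properties": {
+},
+"additionalProperties": false
+}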
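--- a/.schemas/authenticators.oauth2_client_credentials.schema.json
+++ b/.schemas/authenticators.oauth2_client_credentials.schema.json
@@ -0,0 +1,27 @@
+{
+"$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.oauth2_client_credentials.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"type": "object",
+"title": "OAuth 2.0 Client Credentials Authenticator Configuration",
+"description": "This section is optional when the authenticator is disabled.",
+"properties": {
+"token_url": {
+"type": "string",
+"description": "The OAuth 2.0 Token Endpoint that will be used to validate the client credentials.\n\n>If this authenticator is enabled, this value is required.",
+"format": "uri",
+"examples": [
+"https://my-website.com/oauth2/token"
+]
+},
+"required_scope": {
+"type": "array",
+"title": "Request Permissions (Token Scope)",
+"description": "Scopes is an array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this rule.\n If the token used in the Authorization header did not request that specific scope, the request is denied.",
+"items": {
+"type": "string"
+}
+}
+},
+"required": ["token_url"],
+"additionalProperties": false
+}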
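--- a/.schemas/authenticators.oauth2_introspection.schema.json
+++ b/.schemas/authenticators.oauth2_introspection.schema.json
@@ -0,0 +1,155 @@
+{
+"$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.oauth2_introspection.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"type": "object",
+"title": "OAuth 2.0 Introspection Authenticator Configuration",
+"description": "This section is optional when the authenticator is disabled.",
+"properties": {
+"introspection_url": {
+"type": "string",
+"format": "uri",
+"examples": [
+"https://my-website.com/oauth2/introspection"
+],
+"title": "OAuth 2.0 Introspection URL",
+"description": "The OAuth 2.0 Token Introspection endpoint URL.\n\n>If this authenticator is enabled, this value is required."
+},
+"scope_strategy": {
+"$ref": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/scope_strategy.schema.json#"
+},
+"pre_authorization": {
+"title": "Pre-Authorization",
+"description": "Enable pre-authorization in cases where the OAuth 2.0 Token Introspection endpoint is protected by OAuth 2.0 Bearer Tokens that can be retrieved using the OAuth 2.0 Client Credentials grant.",
+"oneOf": [
+{
+"type": "object",
+"properties": {
+"enabled": {
+"title": "Enabled",
+"const": false,
+"default": false
+}
+}
+},
+{
+"type": "object",
+"additionalProperties": false,
+"required": [
+"client_id",
+"client_secret",
+"token_url"
+],
+"properties": {
+"enabled": {
+"title": "Enabled",
+"const": true,
+"default": false
+},
+"client_id": {
+"type": "string",
+"title": "OAuth 2.0 Client ID",
+"description": "The OAuth 2.0 Client ID to be used for the OAuth 2.0 Client Credentials Grant.\n\n>If pre-authorization is enabled, this value is required."
+},
+"client_secret": {
+"type": "string",
+"title": "OAuth 2.0 Client Secret",
+"description": "The OAuth 2.0 Client Secret to be used for the OAuth 2.0 Client Credentials Grant.\n\n>If pre-authorization is enabled, this value is required."
+},
+"token_url": {
+"type": "string",
+"format": "uri",
+"title": "OAuth 2.0 Token URL",
+"description": "The OAuth 2.0 Token Endpoint where the OAuth 2.0 Client Credentials Grant will be performed.\n\n>If pre-authorization is enabled, this value is required."
+},
+"scope": {
+"type": "array",
+"items": {
+"type": "string"
+},
+"title": "OAuth 2.0 Scope",
+"description": "The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.",
+"examples": [
+[
+"[\"foo\", \"bar\"]"
+]
+]
+}
+}
+}
+]
+},
+"required_scope": {
+"title": "Required Scope",
+"description": "An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header did not request that specific scope, the request is denied.",
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"target_audience": {
+"title": "Target Audience",
+"description": "An array of audiences that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.",
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"trusted_issuers": {
+"title": "Trusted Issuers",
+"description": "The token must have been issued by one of the issuers listed in this array.",
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"token_from": {
+"title": "Token From",
+"description": "The location of the token.\n If not configured, the token will be received from a default location - 'Authorization' header.\n One and only one location (header, query, or cookie) must be specified.",
+"oneOf": [
+{
+"type": "object",
+"required": [
+"header"
+],
+"properties": {
+"header": {
+"title": "Header",
+"type": "string",
+"description": "The header (case insensitive) that must contain a token for request authentication.\n It can't be set along with query_parameter or cookie."
+}
+}
+},
+{
+"type": "object",
+"required": [
+"query_parameter"
+],
+"properties": {
+"query_parameter": {
+"title": "Query Parameter",
+"type": "string",
+"description": "The query parameter (case sensitive) that must contain a token for request authentication.\n It can't be set along with header or cookie."
+}
+}
+},
+{
+"type": "object",
+"required": [
+"cookie"
+],
+"properties": {
+"cookie": {
+"title": "Cookie",
+"type": "string",
+"description": "The cookie (case sensitive) that must contain a token for request authentication.\n It can't be set along with header or query_parameter."
+}
+}
+}
+]
+}
+},
+"required": [
+"introspection_url"
+],
+"additionalProperties": false
+}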
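Review bot: In the second `pre_authorization` branch, `enabled` is declared `"const": true` together with `"default": false`, a default that branch can never accept, and `enabled` is not listed in its `required`. A block that supplies `client_id`, `client_secret` and `token_url` but omits `enabled` therefore matches both `oneOf` branches (the first has no `"additionalProperties": false`) and is rejected with a generic oneOf failure rather than a message naming the missing key; dropping the contradictory default and stating in the description that `enabled: true` must be set explicitly would make that failure understandable. The `scope` example is `[ "[\"foo\", \"bar\"]" ]`, a single string holding an encoded array, while `items` is `"type": "string"`; the example value should be `["foo", "bar"]`. `client_secret` is held as a plain string in this configuration, so its description could note that the file containing it needs restricted read access.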
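--- a/.schemas/authenticators.unauthorized.schema.json
+++ b/.schemas/authenticators.unauthorized.schema.json
@@ -0,0 +1,10 @@
+{
+"$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.unauthorized.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"type": "object",
+"title": "Unauthorized Authenticator Configuration",
+"description": "This section is optional when the authenticator is disabled.",
+"properties": {
+},
+"additionalProperties": false
+}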
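--- a/.schemas/authorizers.allow.schema.json
+++ b/.schemas/authorizers.allow.schema.json
@@ -0,0 +1,10 @@
+{
+"$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authorizers.allow.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"type": "object",
+"title": "Allow Authorizer Configuration",
+"description": "This section is optional when the authorizer is disabled.",
+"properties": {
+},
+"additionalProperties": false
+}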
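--- a/.schemas/authorizers.deny.schema.json
+++ b/.schemas/authorizers.deny.schema.json
@@ -0,0 +1,10 @@
+{
+"$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authorizers.deny.schema.json",
+"$schema": "http://json-schema.org/draft-07/schema#",
+"type": "object",
+"title": "Deny Authorizer Configuration",
+"description": "This section is optional when the authorizer is disabled.",
+"properties": {
+},
+"additionalProperties": false
+}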