ory · aeneasr · Sep 23, 2019 · Sep 19, 2019 · Sep 19, 2019 · Sep 19, 2019
@@ -0,0 +1,22 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.anonymous.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "Anonymous Authenticator Configuration",
+  "description": "This section is optional when the authenticator is disabled.",
+  "properties": {
+    "subject": {
+      "type": "string",
+      "title": "Anonymous Subject",
+      "examples": [
+        "guest",
+        "anon",
+        "anonymous",
+        "unknown"
+      ],
+      "default": "anonymous",
+      "description": "Sets the anonymous username."
+    }
+  },
+  "additionalProperties": false
+}
@@ -0,0 +1,31 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.cookie_session.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "Cookie Session Authenticator Configuration",
+  "description": "This section is optional when the authenticator is disabled.",
+  "properties": {
+    "check_session_url": {
+      "title": "Session Check URL",
+      "type": "string",
+      "format": "uri",
+      "description": "The origin to proxy requests to. If the response is a 200 with body `{ \"subject\": \"...\", \"extra\": {} }`. The request will pass the subject through successfully, otherwise it will be marked as unauthorized.\n\n>If this authenticator is enabled, this value is required.",
+      "examples": [
+        "https://session-store-host"
+      ]
+    },
+    "only": {
+      "type": "array",
+      "items": {
+        "type": "string",
+        "additionalItems": false
+      },
+      "title": "Only Cookies",
+      "description": "A list of possible cookies to look for on incoming requests, and will fallthrough to the next authenticator if none of the passed cookies are set on the request."
+    }
+  },
+  "required": [
+    "check_session_url"
+  ],
+  "additionalProperties": false
+}
@@ -0,0 +1,55 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.jwt.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "JWT Authenticator Configuration",
+  "description": "This section is optional when the authenticator is disabled.",
+  "properties": {
+    "required_scope": {
+      "type": "array",
+      "title": "Required Token Scope",
+      "description": "An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header did not request that specific scope, the request is denied.",
+      "items": {
+        "type": "string"
+      }
+    },
+    "target_audience": {
+      "title": "Intended Audience",
+      "type": "array",
+      "description": "An array of audiences that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.",
+      "items": {
+        "type": "string"
+      }
+    },
+    "trusted_issuers": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
+    "allowed_algorithms": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
+    "jwks_urls": {
+      "title": "JSON Web Key URLs",
+      "type": "array",
+      "items": {
+        "type": "string",
+        "format": "uri"
+      },
+      "description": "URLs where ORY Oathkeeper can retrieve JSON Web Keys from for validating the JSON Web Token. Usually something like \"https://my-keys.com/.well-known/jwks.json\". The response of that endpoint must return a JSON Web Key Set (JWKS).\n\n>If this authenticator is enabled, this value is required.",
+      "examples": [
+        "https://my-website.com/.well-known/jwks.json",
+        "https://my-other-website.com/.well-known/jwks.json",
+        "file://path/to/local/jwks.json"
+      ]
+    },
+    "scope_strategy": {
+      "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/scope_strategy.schema.json#"
+    }
+  },
+  "additionalProperties": false
+}
@@ -0,0 +1,10 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.noop.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "NoOp Authenticator Configuration",
+  "description": "This section is optional when the authenticator is disabled.",
+  "properties": {
+  },
+  "additionalProperties": false
+}
@@ -0,0 +1,27 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.oauth2_client_credentials.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "OAuth 2.0 Client Credentials Authenticator Configuration",
+  "description": "This section is optional when the authenticator is disabled.",
+  "properties": {
+    "token_url": {
+      "type": "string",
+      "description": "The OAuth 2.0 Token Endpoint that will be used to validate the client credentials.\n\n>If this authenticator is enabled, this value is required.",
+      "format": "uri",
+      "examples": [
+        "https://my-website.com/oauth2/token"
+      ]
+    },
+    "required_scope": {
+      "type": "array",
+      "title": "Request Permissions (Token Scope)",
+      "description": "Scopes is an array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this rule.\n If the token used in the Authorization header did not request that specific scope, the request is denied.",
+      "items": {
+        "type": "string"
+      }
+    }
+  },
+  "required": ["token_url"],
+  "additionalProperties": false
+}
@@ -0,0 +1,110 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.oauth2_introspection.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "OAuth 2.0 Introspection Authenticator Configuration",
+  "description": "This section is optional when the authenticator is disabled.",
+  "properties": {
+    "introspection_url": {
+      "type": "string",
+      "format": "uri",
+      "examples": [
+        "https://my-website.com/oauth2/introspection"
+      ],
+      "title": "OAuth 2.0 Introspection URL",
+      "description": "The OAuth 2.0 Token Introspection endpoint URL.\n\n>If this authenticator is enabled, this value is required."
+    },
+    "scope_strategy": {
+      "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/scope_strategy.schema.json#"
+    },
+    "pre_authorization": {
+      "title": "Pre-Authorization",
+      "description": "Enable pre-authorization in cases where the OAuth 2.0 Token Introspection endpoint is protected by OAuth 2.0 Bearer Tokens that can be retrieved using the OAuth 2.0 Client Credentials grant.",
+      "oneOf": [
+        {
+          "type": "object",
+          "properties": {
+            "enabled": {
+              "title": "Enabled",
+              "const": false,
+              "default": false
+            }
+          }
+        },
+        {
+          "type": "object",
+          "additionalProperties": false,
+          "required": [
+            "client_id",
+            "client_secret",
+            "token_url"
+          ],
+          "properties": {
+            "enabled": {
+              "title": "Enabled",
+              "const": true,
+              "default": false
+            },
+            "client_id": {
+              "type": "string",
+              "title": "OAuth 2.0 Client ID",
+              "description": "The OAuth 2.0 Client ID to be used for the OAuth 2.0 Client Credentials Grant.\n\n>If pre-authorization is enabled, this value is required."
+            },
+            "client_secret": {
+              "type": "string",
+              "title": "OAuth 2.0 Client Secret",
+              "description": "The OAuth 2.0 Client Secret to be used for the OAuth 2.0 Client Credentials Grant.\n\n>If pre-authorization is enabled, this value is required."
+            },
+            "token_url": {
+              "type": "string",
+              "format": "uri",
+              "title": "OAuth 2.0 Token URL",
+              "description": "The OAuth 2.0 Token Endpoint where the OAuth 2.0 Client Credentials Grant will be performed.\n\n>If pre-authorization is enabled, this value is required."
+            },
+            "scope": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              },
+              "title": "OAuth 2.0 Scope",
+              "description": "The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.",
+              "examples": [
+                [
+                  "[\"foo\", \"bar\"]"
+                ]
+              ]
+            }
+          }
+        }
+      ]
+    },
+    "required_scope": {
+      "title": "Required Scope",
+      "description": "An array of OAuth 2.0 scopes that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header did not request that specific scope, the request is denied.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
+    "target_audience": {
+      "title": "Target Audience",
+      "description": "An array of audiences that are required when accessing an endpoint protected by this handler.\n If the token used in the Authorization header is not intended for any of the requested audiences, the request is denied.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
+    "trusted_issuers": {
+      "title": "Trusted Issuers",
+      "description": "The token must have been issued by one of the issuers listed in this array.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    }
+  },
+  "required": [
+    "introspection_url"
+  ],
+  "additionalProperties": false
+}
@@ -0,0 +1,10 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authenticators.unauthorized.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "Unauthorized Authenticator Configuration",
+  "description": "This section is optional when the authenticator is disabled.",
+  "properties": {
+  },
+  "additionalProperties": false
+}
@@ -0,0 +1,10 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authorizers.allow.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "Allow Authorizer Configuration",
+  "description": "This section is optional when the authorizer is disabled.",
+  "properties": {
+  },
+  "additionalProperties": false
+}
@@ -0,0 +1,10 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authorizers.deny.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "Deny Authorizer Configuration",
+  "description": "This section is optional when the authorizer is disabled.",
+  "properties": {
+  },
+  "additionalProperties": false
+}
@@ -0,0 +1,36 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/authorizers.keto_engine_acp_ory.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "title": "ORY Keto Access Control Policy Authorizer Configuration",
+  "description": "This section is optional when the authorizer is disabled.",
+  "properties": {
+    "base_url": {
+      "title": "Base URL",
+      "type": "string",
+      "format": "uri",
+      "description": "The base URL of ORY Keto.\n\n>If this authorizer is enabled, this value is required.",
+      "examples": [
+        "http://my-keto/"
+      ]
+    },
+    "required_action": {
+      "type": "string"
+    },
+    "required_resource": {
+      "type": "string"
+    },
+    "subject": {
+      "type": "string"
+    },
+    "flavor": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "base_url",
+    "required_action",
+    "required_resource"
+  ],
+  "additionalProperties": false
+}