projects/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nexus/oathkeeper/config/rules/kratos.yml
Damien Coles fa0767e456 public-ready-init
2026-01-26 11:58:04 -05:00

195 lines
4.1 KiB
YAML
Raw Permalink Blame History

# ====================================
# Kratos Public Routes - Production (auth.example.com)
# ====================================
# Self-service routes for auth.example.com
- id: "kratos:public:self-service:auth"
version: "v0.40.0"
upstream:
url: "http://127.0.0.1:6000"
preserve_host: false
match:
url: "https://auth.example.com/self-service/<**>"
methods:
- GET
- POST
- DELETE
authenticators:
- handler: noop
authorizer:
handler: allow
mutators:
- handler: noop
# WebAuthn JavaScript for auth.example.com
- id: "kratos:public:webauthn:auth"
version: "v0.40.0"
upstream:
url: "http://127.0.0.1:6000"
preserve_host: false
match:
url: "https://auth.example.com/.well-known/ory/webauthn.js"
methods:
- GET
authenticators:
- handler: noop
authorizer:
handler: allow
mutators:
- handler: noop
# Session whoami endpoint for auth.example.com
- id: "kratos:public:whoami:auth"
version: "v0.40.0"
upstream:
url: "http://127.0.0.1:6000"
preserve_host: false
match:
url: "https://auth.example.com/sessions/whoami"
methods:
- GET
- POST
- DELETE
authenticators:
- handler: noop
authorizer:
handler: allow
mutators:
- handler: noop
# ====================================
# Kratos Public Routes - Local Development (port 7200)
# ====================================
# Self-service routes for localhost
- id: "kratos:public:self-service:localhost"
version: "v0.40.0"
upstream:
url: "http://127.0.0.1:6000"
preserve_host: false
match:
url: "http://localhost:7200/self-service/<**>"
methods:
- GET
- POST
- DELETE
authenticators:
- handler: noop
authorizer:
handler: allow
mutators:
- handler: noop
# WebAuthn JavaScript for localhost
- id: "kratos:public:webauthn:localhost"
version: "v0.40.0"
upstream:
url: "http://127.0.0.1:6000"
preserve_host: false
match:
url: "http://localhost:7200/.well-known/ory/webauthn.js"
methods:
- GET
authenticators:
- handler: noop
authorizer:
handler: allow
mutators:
- handler: noop
# Session whoami endpoint for localhost
- id: "kratos:public:whoami:localhost"
version: "v0.40.0"
upstream:
url: "http://127.0.0.1:6000"
preserve_host: false
match:
url: "http://localhost:7200/sessions/whoami"
methods:
- GET
- POST
- DELETE
authenticators:
- handler: noop
authorizer:
handler: allow
mutators:
- handler: noop
# ====================================
# Kratos Admin Routes - Production (auth.example.com)
# ====================================
# Admin identities endpoint
- id: "kratos:admin:identities:auth"
version: "v0.40.0"
upstream:
url: "http://127.0.0.1:6050"
preserve_host: false
match:
url: "https://auth.example.com/admin/identities<**>"
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
authenticators:
- handler: cookie_session
authorizer:
handler: allow
mutators:
- handler: noop
# Admin sessions endpoint
- id: "kratos:admin:sessions:auth"
version: "v0.40.0"
upstream:
url: "http://127.0.0.1:6050"
preserve_host: false
match:
url: "https://auth.example.com/admin/sessions<**>"
methods:
- GET
- DELETE
authenticators:
- handler: cookie_session
authorizer:
handler: allow
mutators:
- handler: noop
# Admin courier messages endpoint
- id: "kratos:admin:courier:auth"
version: "v0.40.0"
upstream:
url: "http://127.0.0.1:6050"
preserve_host: false
match:
url: "https://auth.example.com/admin/courier<**>"
methods:
- GET
authenticators:
- handler: cookie_session
authorizer:
handler: allow
mutators:
- handler: noop
# Admin recovery link endpoint
- id: "kratos:admin:recovery:auth"
version: "v0.40.0"
upstream:
url: "http://127.0.0.1:6050"
preserve_host: false
match:
url: "https://auth.example.com/admin/recovery<**>"
methods:
- POST
authenticators:
- handler: cookie_session
authorizer:
handler: allow
mutators:
- handler: noop
Reference in New Issue View Git Blame Copy Permalink