diff --git a/.docker_compose/config.yaml b/.docker_compose/config.yaml index de024a758f..2df5698819 100644 --- a/.docker_compose/config.yaml +++ b/.docker_compose/config.yaml @@ -26,7 +26,7 @@ mutators: enabled: true config: headers: - X-User: "{{ print .Subject }}" + X-User: '{{ print .Subject }}' noop: enabled: true id_token: diff --git a/.docker_compose/rules.json b/.docker_compose/rules.json index 737f312218..61e9c6c856 100644 --- a/.docker_compose/rules.json +++ b/.docker_compose/rules.json 
@@ -1,99 +1,93 @@ [ - { - "id": "allow-anonymous-with-header-mutator", - "upstream": { - "url": "https://httpbin.org/anything/header" - }, - "match": { - "url": "http://<127.0.0.1|localhost>:4455/anything/header", - "methods": [ - "GET" - ] - }, - "authenticators": [ - { - "handler": "anonymous" - } - ], - "authorizer": { - "handler": "allow" - }, - "mutators": [ - { - "handler": "header", - "config": { - "headers": { - "X-User": "{{ print .Subject }}" - } - } - } - ] + { + "id": "allow-anonymous-with-header-mutator", + "upstream": { + "url": "https://httpbin.org/anything/header" }, - { - "id": "deny-anonymous", - "upstream": { - "url": "https://httpbin.org/anything/deny" - }, - "match": { - "url": "http://<127.0.0.1|localhost>:4455/anything/deny", - "methods": [ - "GET" - ] - }, - "authenticators": [ - { - "handler": "anonymous" - } - ], - "authorizer": { - "handler": "deny" - }, - "mutators": [ - { - "handler": "noop" - } - ], - "errors": [ + "match": { + "url": "http://<127.0.0.1|localhost>:4455/anything/header", + "methods": ["GET"] + }, + "authenticators": [ + { + "handler": "anonymous" + } + ], + "authorizer": { + "handler": "allow" + }, + "mutators": [ + { + "handler": "header", + "config": { + "headers": { + "X-User": "{{ print .Subject }}" + } + } + } + ] + }, + { + "id": "deny-anonymous", + "upstream": { + "url": "https://httpbin.org/anything/deny" + }, + "match": { + "url": "http://<127.0.0.1|localhost>:4455/anything/deny", + "methods": ["GET"] + }, + "authenticators": [ + { + "handler": "anonymous" + } + ], + "authorizer": { + "handler": "deny" + }, + "mutators": [ + { + "handler": "noop" + } + ], + "errors": [ + { + "handler": "json", + "config": { + "when": [ { - "handler": "json", - "config": { - "when": [ - { - "request": { - "header": { - "accept": ["application/json"] - } - } - } - ] + "request": { + "header": { + "accept": ["application/json"] } - }, + } + } + ] + } + }, + { + "handler": "redirect", + "config": { + "when": [ { - "handler": 
"redirect", - "config": { - "when": [ - { - "request": { - "header": { - "accept": ["text/*"] - } - } - } - ] + "request": { + "header": { + "accept": ["text/*"] } + } } - ] + ] + } + } + ] + }, + { + "id": "allow-anonymous-with-id-token-mutator", + "upstream": { + "url": "https://httpbin.org/anything/id_token" }, - { - "id": "allow-anonymous-with-id-token-mutator", - "upstream": { - "url": "https://httpbin.org/anything/id_token" - }, "match": { "url": "http://<127.0.0.1|localhost>:4455/anything/id_token", - "methods": [ - "GET" - ] + "methods": ["GET"] }, "authenticators": [ { diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 8125a1915d..d8bcb167f0 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md 
@@ -38,18 +38,13 @@ If you're unsure about any of them, don't hesitate to ask. We're here to help! --> - [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md). -- [ ] I have referenced an issue containing the design document if my change - introduces a new feature. -- [ ] I am following the - [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code). +- [ ] I have referenced an issue containing the design document if my change introduces a new feature. +- [ ] I am following the [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code). - [ ] I have read the [security policy](../security/policy). -- [ ] I confirm that this pull request does not address a security - vulnerability. If this pull request addresses a security. vulnerability, I - confirm that I got green light (please contact - [security@ory.sh](mailto:security@ory.sh)) from the maintainers to push - the changes. -- [ ] I have added tests that prove my fix is effective or that my feature - works. +- [ ] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security. + vulnerability, I confirm that I got green light (please contact [security@ory.sh](mailto:security@ory.sh)) from the + maintainers to push the changes. +- [ ] I have added tests that prove my fix is effective or that my feature works. - [ ] I have added or changed [the documentation](https://github.com/ory/docs). ## Further Comments diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bbf401c93e..15ef44fa0a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -80,7 +80,7 @@ jobs: runs-on: ubuntu-latest name: Run tests strategy: - matrix: + matrix: name: ['reload', 'e2e', 'forwarded-header'] needs: - sdk-generate diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 46ecbeb301..2079a1fcc2 100644 --- a/.github/workflows/codeql-analysis.yml 
+++ b/.github/workflows/codeql-analysis.yml @@ -9,14 +9,14 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # -name: "CodeQL" +name: 'CodeQL' on: push: - branches: [ master ] + branches: [master] pull_request: # The branches below must be a subset of the branches above - branches: [ master ] + branches: [master] schedule: - cron: '26 0 * * 2' 
@@ -32,40 +32,40 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go' ] + language: ['go'] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] # Learn more: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed steps: - - name: Checkout repository - uses: actions/checkout@v2 + - name: Checkout repository + uses: actions/checkout@v2 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 - # ℹ️ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl + # ℹ️ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language - #- run: | - # make bootstrap - # make release + #- run: | + # make bootstrap + # make release - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index 8cdc05f381..058a0eb61f 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -62,7 +62,7 @@ jobs: uses: aquasecurity/trivy-action@master if: ${{ always() }} with: - image-ref: oryd/oathkeeper:${{ steps.vars.outputs.sha_short }} + image-ref: oryd/oathkeeper:${{ steps.vars.outputs.sha_short }} format: 'table' exit-code: '42' ignore-unfixed: true @@ -72,7 +72,7 @@ jobs: uses: aquasecurity/trivy-action@master if: ${{ always() }} with: - image-ref: oryd/oathkeeper:alpine-${{ steps.vars.outputs.sha_short }} + image-ref: oryd/oathkeeper:alpine-${{ steps.vars.outputs.sha_short }} format: 'table' exit-code: '42' ignore-unfixed: true @@ -82,13 +82,13 @@ jobs: uses: erzz/dockle-action@v1.1.1 if: ${{ always() }} with: - image: oryd/oathkeeper:${{ steps.vars.outputs.sha_short }} + image: oryd/oathkeeper:${{ steps.vars.outputs.sha_short }} exit-code: 42 failure-threshold: fatal - name: Dockle Linter uses: erzz/dockle-action@v1.1.1 if: ${{ always() }} with: - image: oryd/oathkeeper:alpine-${{ steps.vars.outputs.sha_short }} + image: oryd/oathkeeper:alpine-${{ steps.vars.outputs.sha_short }} exit-code: 42 failure-threshold: fatal 
diff --git a/.goreleaser.yml b/.goreleaser.yml index 2912b08a26..0a306c59db 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -6,17 +6,19 @@ before: hooks: - go mod download - git checkout -- go.sum go.mod - - curl -Lo /tmp/cosign.key https://raw.githubusercontent.com/ory/xgoreleaser/master/cosign.key - - curl -Lo /tmp/cosign.pub https://raw.githubusercontent.com/ory/xgoreleaser/master/cosign.pub + - 'curl -Lo /tmp/cosign.key + https://raw.githubusercontent.com/ory/xgoreleaser/master/cosign.key' + - 'curl -Lo /tmp/cosign.pub + https://raw.githubusercontent.com/ory/xgoreleaser/master/cosign.pub' - go install github.com/gobuffalo/packr/v2/packr2 - packr2 variables: brew_name: oathkeeper - brew_description: "The Ory Identity and Access Proxy (Ory Oathkeeper)" - buildinfo_hash: "github.com/ory/oathkeeper/x.Commit" - buildinfo_tag: "github.com/ory/oathkeeper/x.Version" - buildinfo_date: "github.com/ory/oathkeeper/x.Date" - dockerfile: "./Dockerfile-alpine" + brew_description: 'The Ory Identity and Access Proxy (Ory Oathkeeper)' + buildinfo_hash: 'github.com/ory/oathkeeper/x.Commit' + buildinfo_tag: 'github.com/ory/oathkeeper/x.Version' + buildinfo_date: 'github.com/ory/oathkeeper/x.Date' + dockerfile: './Dockerfile-alpine' project_name: oathkeeper diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000000..e69de29bb2 diff --git a/.schema/api.swagger.json b/.schema/api.swagger.json index ca898aeeac..1d89c2938f 100755 --- a/.schema/api.swagger.json +++ b/.schema/api.swagger.json @@ -1,14 +1,7 @@ { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], + "consumes": ["application/json"], + "produces": ["application/json"], + "schemes": ["http", "https"], "swagger": "2.0", "info": { "description": "ORY Oathkeeper is a reverse proxy that checks the HTTP Authorization for validity against a set of rules. This service uses Hydra to validate access tokens and policies.", 
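Review bot: The two rewrapped `curl -Lo /tmp/cosign.key …` and `curl -Lo /tmp/cosign.pub …` hooks under `before.hooks` still download the signing material from the mutable `master` branch with no `--fail` and no integrity check. An HTTP error body or a changed upstream file would be written to `/tmp` and, presumably, used by a signing step outside this hunk. Since these lines are being rewritten anyway, consider pinning the URL to a commit and failing on HTTP errors, for example `curl -fsSLo /tmp/cosign.pub https://raw.githubusercontent.com/ory/xgoreleaser/<COMMIT_SHA_PLACEHOLDER>/cosign.pub`, and comparing the result against a known checksum. The single-quoted scalars now span two lines; YAML folds that break into one space, so the command should be unchanged, but `goreleaser check` would confirm it.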
@@ -25,16 +18,9 @@ "/.well-known/jwks.json": { "get": { "description": "This endpoint returns cryptographic keys that are required to, for example, verify signatures of ID Tokens.", - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], - "tags": [ - "api" - ], + "produces": ["application/json"], + "schemes": ["http", "https"], + "tags": ["api"], "summary": "Lists cryptographic keys", "operationId": "getWellKnownJSONWebKeys", "responses": { @@ -81,13 +67,8 @@ "/decisions": { "get": { "description": "\u003e This endpoint works with all HTTP Methods (GET, POST, PUT, ...) and matches every path prefixed with /decision.\n\nThis endpoint mirrors the proxy capability of ORY Oathkeeper's proxy functionality but instead of forwarding the\nrequest to the upstream server, returns 200 (request should be allowed), 401 (unauthorized), or 403 (forbidden)\nstatus codes. This endpoint can be used to integrate with other API Proxies like Ambassador, Kong, Envoy, and many more.", - "schemes": [ - "http", - "https" - ], - "tags": [ - "api" - ], + "schemes": ["http", "https"], + "tags": ["api"], "summary": "Access Control Decision API", "operationId": "decisions", "responses": { @@ -224,12 +205,8 @@ "/health/alive": { "get": { "description": "This endpoint returns a 200 status code when the HTTP server is up running.\nThis status does currently not include checks whether the database connection is working.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", - "produces": [ - "application/json" - ], - "tags": [ - "api" - ], + "produces": ["application/json"], + "tags": ["api"], "summary": "Check alive status", "operationId": "isInstanceAlive", "responses": { 
@@ -276,12 +253,8 @@ "/health/ready": { "get": { "description": "This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g.\nthe database) are responsive as well.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", - "produces": [ - "application/json" - ], - "tags": [ - "api" - ], + "produces": ["application/json"], + "tags": ["api"], "summary": "Check readiness status", "operationId": "isInstanceReady", "responses": { @@ -303,19 +276,10 @@ "/rules": { "get": { "description": "This method returns an array of all rules that are stored in the backend. This is useful if you want to get a full\nview of what rules you have currently in place.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], - "tags": [ - "api" - ], + "consumes": ["application/json"], + "produces": ["application/json"], + "schemes": ["http", "https"], + "tags": ["api"], "summary": "List all rules", "operationId": "listRules", "parameters": [ @@ -381,19 +345,10 @@ "/rules/{id}": { "get": { "description": "Use this method to retrieve a rule from the storage. If it does not exist you will receive a 404 error.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], - "tags": [ - "api" - ], + "consumes": ["application/json"], + "produces": ["application/json"], + "schemes": ["http", "https"], + "tags": ["api"], "summary": "Retrieve a rule", "operationId": "getRule", "parameters": [ 
@@ -479,12 +434,8 @@ "/version": { "get": { "description": "This endpoint returns the service version typically notated using semantic versioning.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", - "produces": [ - "application/json" - ], - "tags": [ - "api" - ], + "produces": ["application/json"], + "tags": ["api"], "summary": "Get service version", "operationId": "getVersion", "responses": { @@ -691,4 +642,4 @@ }, "x-forwarded-proto": "string", "x-request-id": "string" -} \ No newline at end of file +} diff --git a/.schema/config.schema.json b/.schema/config.schema.json index 6559d74303..c22d6de9c9 100644 --- a/.schema/config.schema.json +++ b/.schema/config.schema.json @@ -16,11 +16,7 @@ "default": "5s", "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "description": "The maximum duration for reading the entire request, including the body.", - "examples": [ - "5s", - "5m", - "5h" - ] + "examples": ["5s", "5m", "5h"] }, "write": { "title": "HTTP Write Timeout", @@ -28,11 +24,7 @@ "default": "120s", "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "description": "The maximum duration before timing out writes of the response. Increase this parameter to prevent unexpected closing a client connection if an upstream request is responding slowly.", - "examples": [ - "5s", - "5m", - "5h" - ] + "examples": ["5s", "5m", "5h"] }, "idle": { "title": "HTTP Idle Timeout", @@ -40,11 +32,7 @@ "default": "120s", "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "description": " The maximum amount of time to wait for any action of a request session, reading data or writing the response.", - "examples": [ - "5s", - "5m", - "5h" - ] + "examples": ["5s", "5m", "5h"] } } }, 
@@ -71,9 +59,7 @@ "path": { "title": "Path to PEM-encoded Fle", "type": "string", - "examples": [ - "path/to/file.pem" - ] + "examples": ["path/to/file.pem"] }, "base64": { "title": "Base64 Encoded Inline", @@ -128,9 +114,7 @@ "type": "string", "minLength": 1 }, - "default": [ - "*" - ], + "default": ["*"], "uniqueItems": true, "examples": [ [ @@ -158,13 +142,7 @@ ] }, "uniqueItems": true, - "default": [ - "GET", - "POST", - "PUT", - "PATCH", - "DELETE" - ] + "default": ["GET", "POST", "PUT", "PATCH", "DELETE"] }, "allowed_headers": { "description": "A list of non simple headers the client is allowed to use with cross-domain requests.", @@ -175,10 +153,7 @@ }, "minLength": 1, "uniqueItems": true, - "default": [ - "Authorization", - "Content-Type" - ] + "default": ["Authorization", "Content-Type"] }, "exposed_headers": { "description": "Indicates which headers are safe to expose to the API of a CORS API specification", @@ -189,9 +164,7 @@ }, "minLength": 1, "uniqueItems": true, - "default": [ - "Content-Type" - ] + "default": ["Content-Type"] }, "allow_credentials": { "type": "boolean", @@ -218,20 +191,13 @@ "title": "Enabled", "type": "boolean", "default": false, - "examples": [ - true - ], + "examples": [true], "description": "En-/disables this component." }, "scopeStrategy": { "title": "Scope Strategy", "type": "string", - "enum": [ - "hierarchic", - "exact", - "wildcard", - "none" - ], + "enum": ["hierarchic", "exact", "wildcard", "none"], "default": "none", "description": "Sets the strategy validation algorithm." }, @@ -240,9 +206,7 @@ "title": "HTTP Redirect Error Handler", "description": "This section is optional when the error handler is disabled.", "additionalProperties": false, - "required": [ - "to" - ], + "required": ["to"], "properties": { "to": { "title": "Redirect to", 
@@ -259,10 +223,7 @@ "title": "HTTP Redirect Status Code", "description": "Defines the HTTP Redirect status code which can bei 301 (Moved Permanently) or 302 (Found).", "type": "integer", - "enum": [ - 301, - 302 - ], + "enum": [301, 302], "default": 302 }, "return_to_query_param": { @@ -386,11 +347,7 @@ "subject": { "type": "string", "title": "Anonymous Subject", - "examples": [ - "guest", - "anon", - "unknown" - ], + "examples": ["guest", "anon", "unknown"], "default": "anonymous", "description": "Sets the anonymous username." } @@ -407,9 +364,7 @@ "type": "string", "format": "uri", "description": "The origin to proxy requests to. If the response is a 200 with body `{ \"subject\": \"...\", \"extra\": {} }`. The request will pass the subject through successfully, otherwise it will be marked as unauthorized.\n\n>If this authenticator is enabled, this value is required.", - "examples": [ - "https://session-store-host" - ] + "examples": ["https://session-store-host"] }, "only": { "type": "array", @@ -440,10 +395,7 @@ "title": "Force HTTP Method", "type": "string", "description": "When set uses the given HTTP method instead of the request HTTP method.", - "examples": [ - "GET", - "POST" - ] + "examples": ["GET", "POST"] }, "additional_headers": { "title": "Set Additional HTTP Headers", @@ -466,9 +418,7 @@ "default": "subject" } }, - "required": [ - "check_session_url" - ], + "required": ["check_session_url"], "additionalProperties": false }, "configAuthenticatorsBearerToken": { @@ -481,9 +431,7 @@ "type": "string", "format": "uri", "description": "The origin to proxy requests to. If the response is a 200 with body `{ \"subject\": \"...\", \"extra\": {} }`. The request will pass the subject through successfully, otherwise it will be marked as unauthorized.\n\n>If this authenticator is enabled, this value is required.", - "examples": [ - "https://session-store-host" - ] + "examples": ["https://session-store-host"] }, "token_from": { "title": "Token From", 
@@ -547,10 +495,7 @@ "title": "Force HTTP Method", "type": "string", "description": "When set uses the given HTTP method instead of the request HTTP method.", - "examples": [ - "GET", - "POST" - ] + "examples": ["GET", "POST"] }, "additional_headers": { "title": "Set Additional HTTP Headers", @@ -573,18 +518,14 @@ "default": "sub" } }, - "required": [ - "check_session_url" - ], + "required": ["check_session_url"], "additionalProperties": false }, "configAuthenticatorsJwt": { "type": "object", "title": "JWT Authenticator Configuration", "description": "This section is optional when the authenticator is disabled.", - "required": [ - "jwks_urls" - ], + "required": ["jwks_urls"], "properties": { "required_scope": { "type": "array", @@ -635,20 +576,14 @@ "type": "string", "description": "The configuration which sets the max wait threshold when fetching new JWKs", "default": "1s", - "examples": [ - "100ms", - "1s" - ] + "examples": ["100ms", "1s"] }, "jwks_ttl": { "title": "JWK cache TTL configuration", "type": "string", "description": "The time interval for which fetched JWKs are cached", "default": "30s", - "examples": [ - "30m", - "6h" - ] + "examples": ["30m", "6h"] }, "scope_strategy": { "$ref": "#/definitions/scopeStrategy" @@ -707,9 +642,7 @@ "type": "string", "description": "The OAuth 2.0 Token Endpoint that will be used to validate the client credentials.\n\n>If this authenticator is enabled, this value is required.", "format": "uri", - "examples": [ - "https://my-website.com/oauth2/token" - ] + "examples": ["https://my-website.com/oauth2/token"] }, "required_scope": { "type": "array", 
@@ -734,9 +667,7 @@ "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "title": "Cache Time to Live", "description": "Can override the default behaviour of using the token exp time, and specify a set time to live for the token in the cache. If the token exp time is lower than the set value the token exp time will be used instead.", - "examples": [ - "5s" - ] + "examples": ["5s"] }, "max_tokens": { "type": "integer", @@ -747,9 +678,7 @@ } } }, - "required": [ - "token_url" - ], + "required": ["token_url"], "additionalProperties": false }, "configAuthenticatorsOauth2Introspection": { @@ -760,9 +689,7 @@ "introspection_url": { "type": "string", "format": "uri", - "examples": [ - "https://my-website.com/oauth2/introspection" - ], + "examples": ["https://my-website.com/oauth2/introspection"], "title": "OAuth 2.0 Introspection URL", "description": "The OAuth 2.0 Token Introspection endpoint URL.\n\n>If this authenticator is enabled, this value is required." }, @@ -800,10 +727,7 @@ "type": "string", "title": "OAuth 2.0 Audience", "description": "The OAuth 2.0 Audience to be requested during the OAuth 2.0 Client Credentials Grant.", - "examples": [ - "http://www.example.com", - "services:my-app" - ] + "examples": ["http://www.example.com", "services:my-app"] }, "scope": { "type": "array", @@ -812,12 +736,7 @@ }, "title": "OAuth 2.0 Scope", "description": "The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.", - "examples": [ - [ - "foo", - "bar" - ] - ] + "examples": [["foo", "bar"]] } }, "oneOf": [ @@ -829,11 +748,7 @@ } }, { - "required": [ - "client_id", - "client_secret", - "token_url" - ], + "required": ["client_id", "client_secret", "token_url"], "properties": { "enabled": { "const": true @@ -861,12 +776,7 @@ }, "title": "OAuth 2.0 Scope", "description": "The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.", - "examples": [ - [ - "foo", - "bar" - ] - ] + "examples": [["foo", "bar"]] } } } 
@@ -958,9 +868,7 @@ "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "title": "Cache Time to Live", "description": "Can override the default behaviour of using the token exp time, and specify a set time to live for the token in the cache.", - "examples": [ - "5s" - ] + "examples": ["5s"] }, "max_cost": { "type": "integer", @@ -971,9 +879,7 @@ } } }, - "required": [ - "introspection_url" - ], + "required": ["introspection_url"], "additionalProperties": false }, "configAuthorizersKetoEngineAcpOry": { @@ -986,9 +892,7 @@ "type": "string", "format": "uri", "description": "The base URL of ORY Keto.\n\n>If this authorizer is enabled, this value is required.", - "examples": [ - "http://my-keto/" - ] + "examples": ["http://my-keto/"] }, "required_action": { "type": "string" @@ -1003,11 +907,7 @@ "type": "string" } }, - "required": [ - "base_url", - "required_action", - "required_resource" - ], + "required": ["base_url", "required_action", "required_resource"], "additionalProperties": false }, "configAuthorizersRemote": { @@ -1020,9 +920,7 @@ "type": "string", "format": "uri", "description": "The URL of the remote authorizer. The remote authorizer is expected to return either 200 OK or 403 Forbidden to allow/deny access.\n\n>If this authorizer is enabled, this value is required.", - "examples": [ - "https://host/path" - ] + "examples": ["https://host/path"] }, "headers": { "type": "object", @@ -1045,9 +943,7 @@ "$ref": "#/definitions/retry" } }, - "required": [ - "remote" - ], + "required": ["remote"], "additionalProperties": false }, "configAuthorizersRemoteJSON": { 
@@ -1060,17 +956,13 @@ "type": "string", "format": "uri", "description": "The URL of the remote authorizer. The remote authorizer is expected to return either 200 OK or 403 Forbidden to allow/deny access.\n\n>If this authorizer is enabled, this value is required.", - "examples": [ - "https://host/path" - ] + "examples": ["https://host/path"] }, "payload": { "title": "JSON Payload", "type": "string", "description": "The JSON payload of the request sent to the remote authorizer. The string will be parsed by the Go text/template package and applied to an AuthenticationSession object.\n\n>If this authorizer is enabled, this value is required.", - "examples": [ - "{\"subject\":\"{{ .Subject }}\"}" - ] + "examples": ["{\"subject\":\"{{ .Subject }}\"}"] }, "forward_response_headers_to_upstream": { "description": "A list of non simple headers the remote is allowed to return to mutate requests.", @@ -1087,19 +979,14 @@ "$ref": "#/definitions/retry" } }, - "required": [ - "remote", - "payload" - ], + "required": ["remote", "payload"], "additionalProperties": false }, "configMutatorsCookie": { "type": "object", "title": "Cookie Mutator Configuration", "description": "This section is optional when the mutator is disabled.", - "required": [ - "cookies" - ], + "required": ["cookies"], "properties": { "cookies": { "type": "object", @@ -1114,9 +1001,7 @@ "type": "object", "title": "Header Mutator Configuration", "description": "This section is optional when the mutator is disabled.", - "required": [ - "headers" - ], + "required": ["headers"], "properties": { "headers": { "type": "object", @@ -1134,9 +1019,7 @@ "properties": { "api": { "additionalProperties": false, - "required": [ - "url" - ], + "required": ["url"], "type": "object", "properties": { "url": { 
@@ -1148,10 +1031,7 @@ "additionalProperties": false, "properties": { "basic": { - "required": [ - "username", - "password" - ], + "required": ["username", "password"], "type": "object", "additionalProperties": false, "properties": { @@ -1187,19 +1067,14 @@ } } }, - "required": [ - "api" - ], + "required": ["api"], "additionalProperties": false }, "configMutatorsIdToken": { "type": "object", "title": "ID Token Mutator Configuration", "description": "This section is optional when the mutator is disabled.", - "required": [ - "jwks_url", - "issuer_url" - ], + "required": ["jwks_url", "issuer_url"], "properties": { "claims": { "type": "string" @@ -1226,11 +1101,7 @@ "description": "Sets the time-to-live of the JSON Web Token.", "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "default": "15m", - "examples": [ - "1h", - "1m", - "30s" - ] + "examples": ["1h", "1m", "30s"] } }, "additionalProperties": false @@ -1256,10 +1127,7 @@ "host": { "type": "string", "default": "", - "examples": [ - "localhost", - "127.0.0.1" - ], + "examples": ["localhost", "127.0.0.1"], "title": "Host", "description": "The network interface to listen on." }, @@ -1288,10 +1156,7 @@ "host": { "type": "string", "default": "", - "examples": [ - "localhost", - "127.0.0.1" - ], + "examples": ["localhost", "127.0.0.1"], "title": "Host", "description": "The network interface to listen on. Leave empty to listen on all interfaces." }, @@ -1320,10 +1185,7 @@ "host": { "type": "string", "default": "", - "examples": [ - "localhost", - "127.0.0.1" - ], + "examples": ["localhost", "127.0.0.1"], "title": "Host", "description": "The network interface to listen on. Leave empty to listen on all interfaces." }, @@ -1375,13 +1237,8 @@ "description": "This an optional field describing matching strategy. Currently supported values are 'glob' and 'regexp'.", "type": "string", "default": "regexp", - "enum": [ - "glob", - "regexp" - ], - "examples": [ - "glob" - ] + "enum": ["glob", "regexp"], + "examples": ["glob"] } } }, 
@@ -1446,9 +1303,7 @@ "$ref": "#/definitions/configAuthenticatorsCookieSession" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1478,9 +1333,7 @@ "$ref": "#/definitions/configAuthenticatorsBearerToken" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1510,9 +1363,7 @@ "$ref": "#/definitions/configAuthenticatorsJwt" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1542,9 +1393,7 @@ "$ref": "#/definitions/configAuthenticatorsOauth2ClientCredentials" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1574,9 +1423,7 @@ "$ref": "#/definitions/configAuthenticatorsOauth2Introspection" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1601,14 +1448,8 @@ "items": { "type": "string" }, - "default": [ - "json" - ], - "examples": [ - [ - "redirect" - ] - ] + "default": ["json"], + "examples": [["redirect"]] }, "handlers": { "additionalProperties": false, @@ -1634,9 +1475,7 @@ "$ref": "#/definitions/configErrorsWWWAuthenticate" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1666,9 +1505,7 @@ "$ref": "#/definitions/configErrorsRedirect" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1699,9 +1536,7 @@ "$ref": "#/definitions/configErrorsJSON" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1767,9 +1602,7 @@ "$ref": "#/definitions/configAuthorizersKetoEngineAcpOry" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1799,9 +1632,7 @@ "$ref": "#/definitions/configAuthorizersRemote" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1831,9 +1662,7 @@ "$ref": "#/definitions/configAuthorizersRemoteJSON" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { 
@@ -1882,9 +1711,7 @@ "$ref": "#/definitions/configMutatorsCookie" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1914,9 +1741,7 @@ "$ref": "#/definitions/configMutatorsHeader" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1946,9 +1771,7 @@ "$ref": "#/definitions/configMutatorsHydrator" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1978,9 +1801,7 @@ "$ref": "#/definitions/configMutatorsIdToken" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -2003,22 +1824,13 @@ "provider": { "type": "string", "description": "Set this to the tracing backend you wish to use. Supports Jaeger, Zipkin, DataDog and elastic-apm. If omitted or empty, tracing will be disabled. Use environment variables to configure DataDog (see https://docs.datadoghq.com/tracing/setup/go/#configuration).", - "enum": [ - "zipkin", - "jaeger", - "datadog", - "elastic-apm" - ], - "examples": [ - "zipkin" - ] + "enum": ["zipkin", "jaeger", "datadog", "elastic-apm"], + "examples": ["zipkin"] }, "service_name": { "type": "string", "description": "Specifies the service name to use on the tracer.", - "examples": [ - "Ory Oathkeeper" - ] + "examples": ["Ory Oathkeeper"] }, "providers": { "type": "object", @@ -2060,16 +1872,12 @@ "format": "uri" } ], - "examples": [ - "127.0.0.1:6831" - ] + "examples": ["127.0.0.1:6831"] }, "propagation": { "type": "string", "description": "The tracing header format", - "examples": [ - "jaeger" - ] + "examples": ["jaeger"] }, "max_tag_value_length": { "type": "integer", @@ -2079,11 +1887,7 @@ "sampling": { "type": "object", "propertyNames": { - "enum": [ - "type", - "value", - "server_url" - ] + "enum": ["type", "value", "server_url"] }, "allOf": [ { 
@@ -2182,10 +1986,7 @@ "format": { "description": "The log format can either be text or JSON.", "type": "string", - "enum": [ - "json", - "text" - ] + "enum": ["json", "text"] } }, "additionalProperties": false @@ -2194,11 +1995,7 @@ "title": "Profiling", "description": "Enables CPU or memory profiling if set. For more details on profiling Go programs read [Profiling Go Programs](https://blog.golang.org/profiling-go-programs).", "type": "string", - "enum": [ - "cpu", - "mem", - "" - ] + "enum": ["cpu", "mem", ""] }, "version": { "type": "string", diff --git a/.schema/openapi/gen.typescript.yml b/.schema/openapi/gen.typescript.yml index 8030dff4ee..5b640545fe 100644 --- a/.schema/openapi/gen.typescript.yml +++ b/.schema/openapi/gen.typescript.yml @@ -1,4 +1,4 @@ -npmName: "@ory/kratos-client" +npmName: '@ory/kratos-client' npmVersion: 0.0.0 # typescriptThreePlus: true #npmRepository: https://github.com/ory/sdk.git diff --git a/.schema/openapi/patches/health.yaml b/.schema/openapi/patches/health.yaml index 1d42a1d63d..38e94c482d 100644 --- a/.schema/openapi/patches/health.yaml +++ b/.schema/openapi/patches/health.yaml @@ -17,16 +17,16 @@ content: application/json: schema: - "$ref": "#/components/schemas/healthStatus" - description: {{.ProjectHumanName}} is ready to accept connections. + '$ref': '#/components/schemas/healthStatus' + description: '{{.ProjectHumanName}} is ready to accept connections.' '500': content: application/json: schema: - "$ref": "#/components/schemas/genericError" + '$ref': '#/components/schemas/genericError' description: genericError summary: Check HTTP Server Status - tags: {{ .HealthPathTags | toJson }} + tags: { { .HealthPathTags | toJson } } - op: replace path: /paths/~1health~1ready value: @@ -51,7 +51,7 @@ status: description: Always "ok". type: string - description: {{.ProjectHumanName}} is ready to accept requests. + description: '{{.ProjectHumanName}} is ready to accept requests.' '503': content: application/json: 
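Review bot: In the `@@ -17,16 +17,16 @@` hunk of `.schema/openapi/patches/health.yaml`, the new line `tags: { { .HealthPathTags | toJson } }` separates the braces. A Go-template renderer, which the `{{.ProjectHumanName}}` actions in this file suggest, would no longer recognise an action there and would pass the text through literally. This looks like a formatter reading the template syntax as a YAML flow mapping rather than an intended change. Keep the original `tags: {{ .HealthPathTags | toJson }}` and exclude the template files under `.schema/openapi/patches/` from the formatter, for example through `.prettierignore` if Prettier is the tool in use. The enclosing patch entry starts above the hunk.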
@@ -60,12 +60,14 @@ errors: additionalProperties: type: string - description: Errors contains a list of errors that caused the not ready status. + description: + Errors contains a list of errors that caused the not ready + status. type: object type: object description: Ory Kratos is not yet ready to accept requests. summary: Check HTTP Server and Database Status - tags: {{ .HealthPathTags | toJson }} + tags: '{{ .HealthPathTags | toJson }}' - op: replace path: /paths/~1version value: @@ -91,4 +93,4 @@ type: string description: Returns the {{.ProjectHumanName}} version. summary: Return Running Software Version. - tags: {{ .HealthPathTags | toJson }} + tags: '{{ .HealthPathTags | toJson }}' diff --git a/.schema/openapi/patches/meta.yaml b/.schema/openapi/patches/meta.yaml index fd6d1fe182..0070bbb2db 100644 --- a/.schema/openapi/patches/meta.yaml +++ b/.schema/openapi/patches/meta.yaml @@ -9,4 +9,4 @@ license: name: Apache 2.0 contact: - email: "hi@ory.sh" + email: 'hi@ory.sh' diff --git a/.schema/openapi/templates/go/.travis.yml b/.schema/openapi/templates/go/.travis.yml index f5cb2ce9a5..755978dca7 100644 --- a/.schema/openapi/templates/go/.travis.yml +++ b/.schema/openapi/templates/go/.travis.yml @@ -5,4 +5,3 @@ install: script: - go build -v ./ - diff --git a/.schema/version.schema.json b/.schema/version.schema.json index 1a82a745e1..718dd5f491 100644 --- a/.schema/version.schema.json +++ b/.schema/version.schema.json @@ -12,9 +12,7 @@ "const": "v0.38.4-beta.1" } }, - "required": [ - "version" - ] + "required": ["version"] }, { "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.38.4-beta.1/.schema/config.schema.json" @@ -29,9 +27,7 @@ "const": "v0.38.5-beta.1" } }, - "required": [ - "version" - ] + "required": ["version"] }, { "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.38.5-beta.1/.schema/config.schema.json" 
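Review bot: The quoted form `tags: '{{ .HealthPathTags | toJson }}'` in the `@@ -60,12 +60,14 @@` hunk, and again in `@@ -91,4 +93,4 @@`, changes the rendered type. Assuming `toJson` emits a JSON array, the quotes turn the result into a YAML string instead of a sequence, while an OpenAPI `tags` field is expected to be a list. The same file now carries two different rewrites of this line (the earlier hunk has `{ { … } }`), which points at a formatter run rather than a deliberate edit. Restore the unquoted `tags: {{ .HealthPathTags | toJson }}` in both places and add a comment such as `# Go template, rendered before YAML parsing - keep unformatted` so the next formatting pass leaves it alone.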
@@ -46,9 +42,7 @@ "const": "v0.38.9-beta.1" } }, - "required": [ - "version" - ] + "required": ["version"] }, { "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.38.9-beta.1/.schema/config.schema.json" @@ -63,9 +57,7 @@ "const": "v0.38.14-beta.1" } }, - "required": [ - "version" - ] + "required": ["version"] }, { "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.38.14-beta.1/.schema/config.schema.json" @@ -80,9 +72,7 @@ "const": "v0.38.15-beta.1" } }, - "required": [ - "version" - ] + "required": ["version"] }, { "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.38.15-beta.1/.schema/config.schema.json" @@ -97,9 +87,7 @@ "const": "v0.38.17-beta.1" } }, - "required": [ - "version" - ] + "required": ["version"] }, { "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.38.17-beta.1/.schema/config.schema.json" @@ -114,9 +102,7 @@ "const": "v0.38.19-beta.1" } }, - "required": [ - "version" - ] + "required": ["version"] }, { "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.38.19-beta.1/.schema/config.schema.json" @@ -131,9 +117,7 @@ "const": "v0.38.20-beta.1" } }, - "required": [ - "version" - ] + "required": ["version"] }, { "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.38.20-beta.1/.schema/config.schema.json" @@ -152,18 +136,14 @@ "maxLength": 0 } }, - "required": [ - "version" - ] + "required": ["version"] }, { "not": { "properties": { "version": {} }, - "required": [ - "version" - ] + "required": ["version"] } } ] diff --git a/.schemas/authenticators.anonymous.schema.json b/.schemas/authenticators.anonymous.schema.json index b8fa24d84a..f9fd30e8d5 100644 --- a/.schemas/authenticators.anonymous.schema.json +++ b/.schemas/authenticators.anonymous.schema.json 
@@ -8,12 +8,7 @@ "subject": { "type": "string", "title": "Anonymous Subject", - "examples": [ - "guest", - "anon", - "anonymous", - "unknown" - ], + "examples": ["guest", "anon", "anonymous", "unknown"], "default": "anonymous", "description": "Sets the anonymous username." } diff --git a/.schemas/authenticators.cookie_session.schema.json b/.schemas/authenticators.cookie_session.schema.json index 5a7e10b965..ac609e6187 100644 --- a/.schemas/authenticators.cookie_session.schema.json +++ b/.schemas/authenticators.cookie_session.schema.json @@ -10,9 +10,7 @@ "type": "string", "format": "uri", "description": "The origin to proxy requests to. If the response is a 200 with body `{ \"subject\": \"...\", \"extra\": {} }`. The request will pass the subject through successfully, otherwise it will be marked as unauthorized.\n\n>If this authenticator is enabled, this value is required.", - "examples": [ - "https://session-store-host" - ] + "examples": ["https://session-store-host"] }, "only": { "type": "array", @@ -29,8 +27,6 @@ "description": "When set to true, any path specified in `check_session_url` will be preserved instead of overwriting the path with the path from the original request" } }, - "required": [ - "check_session_url" - ], + "required": ["check_session_url"], "additionalProperties": false } diff --git a/.schemas/authenticators.jwt.schema.json b/.schemas/authenticators.jwt.schema.json index ff8fe0d108..4526e01e31 100644 --- a/.schemas/authenticators.jwt.schema.json +++ b/.schemas/authenticators.jwt.schema.json 
@@ -51,21 +51,15 @@ "title": "Max await interval for the JWK fetch", "type": "string", "description": "The configuration which sets the max wait threshold when fetching new JWKs", - "default" : "1s", - "examples": [ - "100ms", - "1s" - ] + "default": "1s", + "examples": ["100ms", "1s"] }, "jwks_ttl": { "title": "JWK cache TTL configuration", "type": "string", "description": "The time interval for which fetched JWKs are cached", - "default" : "30s", - "examples": [ - "30m", - "6h" - ] + "default": "30s", + "examples": ["30m", "6h"] }, "scope_strategy": { "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/master/.schemas/scope_strategy.schema.json#" @@ -76,9 +70,7 @@ "oneOf": [ { "type": "object", - "required": [ - "header" - ], + "required": ["header"], "properties": { "header": { "title": "Header", @@ -89,9 +81,7 @@ }, { "type": "object", - "required": [ - "query_parameter" - ], + "required": ["query_parameter"], "properties": { "query_parameter": { "title": "Query Parameter", @@ -102,9 +92,7 @@ }, { "type": "object", - "required": [ - "cookie" - ], + "required": ["cookie"], "properties": { "cookie": { "title": "Cookie", diff --git a/.schemas/authenticators.noop.schema.json b/.schemas/authenticators.noop.schema.json index 860805a40d..34aa1c3892 100644 --- a/.schemas/authenticators.noop.schema.json +++ b/.schemas/authenticators.noop.schema.json @@ -4,7 +4,6 @@ "type": "object", "title": "NoOp Authenticator Configuration", "description": "This section is optional when the authenticator is disabled.", - "properties": { - }, + "properties": {}, "additionalProperties": false } diff --git a/.schemas/authenticators.oauth2_client_credentials.schema.json b/.schemas/authenticators.oauth2_client_credentials.schema.json index a6072bba9f..19578bdba3 100644 --- a/.schemas/authenticators.oauth2_client_credentials.schema.json +++ b/.schemas/authenticators.oauth2_client_credentials.schema.json 
@@ -9,9 +9,7 @@ "type": "string", "description": "The OAuth 2.0 Token Endpoint that will be used to validate the client credentials.\n\n>If this authenticator is enabled, this value is required.", "format": "uri", - "examples": [ - "https://my-website.com/oauth2/token" - ] + "examples": ["https://my-website.com/oauth2/token"] }, "required_scope": { "type": "array", diff --git a/.schemas/authenticators.oauth2_introspection.schema.json b/.schemas/authenticators.oauth2_introspection.schema.json index 6740b70c71..78e16bfebd 100644 --- a/.schemas/authenticators.oauth2_introspection.schema.json +++ b/.schemas/authenticators.oauth2_introspection.schema.json @@ -8,9 +8,7 @@ "introspection_url": { "type": "string", "format": "uri", - "examples": [ - "https://my-website.com/oauth2/introspection" - ], + "examples": ["https://my-website.com/oauth2/introspection"], "title": "OAuth 2.0 Introspection URL", "description": "The OAuth 2.0 Token Introspection endpoint URL.\n\n>If this authenticator is enabled, this value is required." }, @@ -34,11 +32,7 @@ { "type": "object", "additionalProperties": false, - "required": [ - "client_id", - "client_secret", - "token_url" - ], + "required": ["client_id", "client_secret", "token_url"], "properties": { "enabled": { "title": "Enabled", @@ -65,10 +59,7 @@ "type": "string", "title": "OAuth 2.0 Audience", "description": "The OAuth 2.0 Audience to be requested during the OAuth 2.0 Client Credentials Grant.", - "examples": [ - "http://www.example.com", - "services:my-app" - ] + "examples": ["http://www.example.com", "services:my-app"] }, "scope": { "type": "array", @@ -77,11 +68,7 @@ }, "title": "OAuth 2.0 Scope", "description": "The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.", - "examples": [ - [ - "[\"foo\", \"bar\"]" - ] - ] + "examples": [["[\"foo\", \"bar\"]"]] } } } 
@@ -117,9 +104,7 @@ "oneOf": [ { "type": "object", - "required": [ - "header" - ], + "required": ["header"], "properties": { "header": { "title": "Header", @@ -130,9 +115,7 @@ }, { "type": "object", - "required": [ - "query_parameter" - ], + "required": ["query_parameter"], "properties": { "query_parameter": { "title": "Query Parameter", @@ -143,9 +126,7 @@ }, { "type": "object", - "required": [ - "cookie" - ], + "required": ["cookie"], "properties": { "cookie": { "title": "Cookie", @@ -157,8 +138,6 @@ ] } }, - "required": [ - "introspection_url" - ], + "required": ["introspection_url"], "additionalProperties": false } diff --git a/.schemas/authenticators.unauthorized.schema.json b/.schemas/authenticators.unauthorized.schema.json index 613b2961d2..8bf1fbcd3a 100644 --- a/.schemas/authenticators.unauthorized.schema.json +++ b/.schemas/authenticators.unauthorized.schema.json @@ -4,7 +4,6 @@ "type": "object", "title": "Unauthorized Authenticator Configuration", "description": "This section is optional when the authenticator is disabled.", - "properties": { - }, + "properties": {}, "additionalProperties": false } diff --git a/.schemas/authorizers.allow.schema.json b/.schemas/authorizers.allow.schema.json index 9471a8ddc5..67a7e14516 100644 --- a/.schemas/authorizers.allow.schema.json +++ b/.schemas/authorizers.allow.schema.json @@ -4,7 +4,6 @@ "type": "object", "title": "Allow Authorizer Configuration", "description": "This section is optional when the authorizer is disabled.", - "properties": { - }, + "properties": {}, "additionalProperties": false } diff --git a/.schemas/authorizers.deny.schema.json b/.schemas/authorizers.deny.schema.json index ba2690a8f7..5298de17ef 100644 --- a/.schemas/authorizers.deny.schema.json +++ b/.schemas/authorizers.deny.schema.json 
@@ -4,7 +4,6 @@ "type": "object", "title": "Deny Authorizer Configuration", "description": "This section is optional when the authorizer is disabled.", - "properties": { - }, + "properties": {}, "additionalProperties": false } diff --git a/.schemas/authorizers.keto_engine_acp_ory.schema.json b/.schemas/authorizers.keto_engine_acp_ory.schema.json index 4f7c59d9f6..f837159ea9 100644 --- a/.schemas/authorizers.keto_engine_acp_ory.schema.json +++ b/.schemas/authorizers.keto_engine_acp_ory.schema.json @@ -10,9 +10,7 @@ "type": "string", "format": "uri", "description": "The base URL of ORY Keto.\n\n>If this authorizer is enabled, this value is required.", - "examples": [ - "http://my-keto/" - ] + "examples": ["http://my-keto/"] }, "required_action": { "type": "string" @@ -27,10 +25,6 @@ "type": "string" } }, - "required": [ - "base_url", - "required_action", - "required_resource" - ], + "required": ["base_url", "required_action", "required_resource"], "additionalProperties": false } diff --git a/.schemas/authorizers.remote_json.schema.json b/.schemas/authorizers.remote_json.schema.json index 766c888d19..592504ef1d 100644 --- a/.schemas/authorizers.remote_json.schema.json +++ b/.schemas/authorizers.remote_json.schema.json 
@@ -10,33 +10,24 @@ "type": "string", "format": "uri", "description": "The URL of the remote authorizer. The remote authorizer is expected to return either 200 OK or 403 Forbidden to allow/deny access.\n\n>If this authorizer is enabled, this value is required.", - "examples": [ - "https://host/path" - ] + "examples": ["https://host/path"] }, "payload": { "title": "JSON Payload", "type": "string", "description": "The JSON payload of the request sent to the remote authorizer. The string will be parsed by the Go text/template package and applied to an AuthenticationSession object.\n\n>If this authorizer is enabled, this value is required.", - "examples": [ - "{\"subject\":\"{{ .Subject }}\"}" - ] + "examples": ["{\"subject\":\"{{ .Subject }}\"}"] }, - "forward_response_headers_to_upstream": { + "forward_response_headers_to_upstream": { "title": "Allowed Remote HTTP Headers for his Responses", "type": "array", "items": { "type": "string" }, "description": "A list of non simple headers the remote is allowed to return to mutate requests.", - "examples": [ - "X-Foo" - ] + "examples": ["X-Foo"] } }, - "required": [ - "remote", - "payload" - ], + "required": ["remote", "payload"], "additionalProperties": false } diff --git a/.schemas/config.schema.json b/.schemas/config.schema.json index 0d521b4986..216788c8cd 100644 --- a/.schemas/config.schema.json +++ b/.schemas/config.schema.json @@ -27,9 +27,7 @@ "path": { "title": "Path to PEM-encoded Fle", "type": "string", - "examples": [ - "path/to/file.pem" - ] + "examples": ["path/to/file.pem"] }, "base64": { "title": "Base64 Encoded Inline", @@ -84,9 +82,7 @@ "type": "string", "minLength": 1 }, - "default": [ - "*" - ], + "default": ["*"], "uniqueItems": true, "examples": [ [ 
@@ -114,13 +110,7 @@ ] }, "uniqueItems": true, - "default": [ - "GET", - "POST", - "PUT", - "PATCH", - "DELETE" - ] + "default": ["GET", "POST", "PUT", "PATCH", "DELETE"] }, "allowed_headers": { "description": "A list of non simple headers the client is allowed to use with cross-domain requests.", @@ -131,10 +121,7 @@ }, "minLength": 1, "uniqueItems": true, - "default": [ - "Authorization", - "Content-Type" - ] + "default": ["Authorization", "Content-Type"] }, "exposed_headers": { "description": "Indicates which headers are safe to expose to the API of a CORS API specification", @@ -145,9 +132,7 @@ }, "minLength": 1, "uniqueItems": true, - "default": [ - "Content-Type" - ] + "default": ["Content-Type"] }, "allow_credentials": { "type": "boolean", @@ -174,20 +159,13 @@ "title": "Enabled", "type": "boolean", "default": false, - "examples": [ - true - ], + "examples": [true], "description": "En-/disables this component." }, "scopeStrategy": { "title": "Scope Strategy", "type": "string", - "enum": [ - "hierarchic", - "exact", - "wildcard", - "none" - ], + "enum": ["hierarchic", "exact", "wildcard", "none"], "default": "none", "description": "Sets the strategy validation algorithm." }, @@ -196,9 +174,7 @@ "title": "HTTP Redirect Error Handler", "description": "This section is optional when the error handler is disabled.", "additionalProperties": false, - "required": [ - "to" - ], + "required": ["to"], "properties": { "to": { "title": "Redirect to", @@ -210,10 +186,7 @@ "title": "HTTP Redirect Status Code", "description": "Defines the HTTP Redirect status code which can bei 301 (Moved Permanently) or 302 (Found).", "type": "integer", - "enum": [ - 301, - 302 - ], + "enum": [301, 302], "default": 302 }, "when": { @@ -330,11 +303,7 @@ "subject": { "type": "string", "title": "Anonymous Subject", - "examples": [ - "guest", - "anon", - "unknown" - ], + "examples": ["guest", "anon", "unknown"], "default": "anonymous", "description": "Sets the anonymous username." } 
@@ -351,9 +320,7 @@ "type": "string", "format": "uri", "description": "The origin to proxy requests to. If the response is a 200 with body `{ \"subject\": \"...\", \"extra\": {} }`. The request will pass the subject through successfully, otherwise it will be marked as unauthorized.\n\n>If this authenticator is enabled, this value is required.", - "examples": [ - "https://session-store-host" - ] + "examples": ["https://session-store-host"] }, "only": { "type": "array", @@ -382,18 +349,14 @@ "default": "subject" } }, - "required": [ - "check_session_url" - ], + "required": ["check_session_url"], "additionalProperties": false }, "configAuthenticatorsJwt": { "type": "object", "title": "JWT Authenticator Configuration", "description": "This section is optional when the authenticator is disabled.", - "required": [ - "jwks_urls" - ], + "required": ["jwks_urls"], "properties": { "required_scope": { "type": "array", @@ -443,21 +406,15 @@ "title": "Max await interval for the JWK fetch", "type": "string", "description": "The configuration which sets the max wait threshold when fetching new JWKs", - "default" : "1s", - "examples": [ - "100ms", - "1s" - ] + "default": "1s", + "examples": ["100ms", "1s"] }, "jwks_ttl": { "title": "JWK cache TTL configuration", "type": "string", "description": "The time interval for which fetched JWKs are cached", - "default" : "30s", - "examples": [ - "30m", - "6h" - ] + "default": "30s", + "examples": ["30m", "6h"] }, "scope_strategy": { "$ref": "#/definitions/scopeStrategy" @@ -516,9 +473,7 @@ "type": "string", "description": "The OAuth 2.0 Token Endpoint that will be used to validate the client credentials.\n\n>If this authenticator is enabled, this value is required.", "format": "uri", - "examples": [ - "https://my-website.com/oauth2/token" - ] + "examples": ["https://my-website.com/oauth2/token"] }, "required_scope": { "type": "array", 
@@ -532,9 +487,7 @@ "$ref": "#/definitions/retry" } }, - "required": [ - "token_url" - ], + "required": ["token_url"], "additionalProperties": false }, "configAuthenticatorsOauth2Introspection": { @@ -545,9 +498,7 @@ "introspection_url": { "type": "string", "format": "uri", - "examples": [ - "https://my-website.com/oauth2/introspection" - ], + "examples": ["https://my-website.com/oauth2/introspection"], "title": "OAuth 2.0 Introspection URL", "description": "The OAuth 2.0 Token Introspection endpoint URL.\n\n>If this authenticator is enabled, this value is required." }, @@ -585,10 +536,7 @@ "type": "string", "title": "OAuth 2.0 Audience", "description": "The OAuth 2.0 Audience to be requested during the OAuth 2.0 Client Credentials Grant.", - "examples": [ - "http://www.example.com", - "services:my-app" - ] + "examples": ["http://www.example.com", "services:my-app"] }, "scope": { "type": "array", @@ -597,12 +545,7 @@ }, "title": "OAuth 2.0 Scope", "description": "The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.", - "examples": [ - [ - "foo", - "bar" - ] - ] + "examples": [["foo", "bar"]] } }, "oneOf": [ @@ -614,11 +557,7 @@ } }, { - "required": [ - "client_id", - "client_secret", - "token_url" - ], + "required": ["client_id", "client_secret", "token_url"], "properties": { "enabled": { "const": true @@ -646,12 +585,7 @@ }, "title": "OAuth 2.0 Scope", "description": "The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.", - "examples": [ - [ - "foo", - "bar" - ] - ] + "examples": [["foo", "bar"]] } } } @@ -732,9 +666,7 @@ "$ref": "#/definitions/retry" } }, - "required": [ - "introspection_url" - ], + "required": ["introspection_url"], "additionalProperties": false }, "configAuthorizersKetoEngineAcpOry": { 
@@ -747,9 +679,7 @@ "type": "string", "format": "uri", "description": "The base URL of ORY Keto.\n\n>If this authorizer is enabled, this value is required.", - "examples": [ - "http://my-keto/" - ] + "examples": ["http://my-keto/"] }, "required_action": { "type": "string" @@ -764,11 +694,7 @@ "type": "string" } }, - "required": [ - "base_url", - "required_action", - "required_resource" - ], + "required": ["base_url", "required_action", "required_resource"], "additionalProperties": false }, "configAuthorizersRemoteJSON": { @@ -781,32 +707,23 @@ "type": "string", "format": "uri", "description": "The URL of the remote authorizer. The remote authorizer is expected to return either 200 OK or 403 Forbidden to allow/deny access.\n\n>If this authorizer is enabled, this value is required.", - "examples": [ - "https://host/path" - ] + "examples": ["https://host/path"] }, "payload": { "title": "JSON Payload", "type": "string", "description": "The JSON payload of the request sent to the remote authorizer. The string will be parsed by the Go text/template package and applied to an AuthenticationSession object.\n\n>If this authorizer is enabled, this value is required.", - "examples": [ - "{\"subject\":\"{{ .Subject }}\"}" - ] + "examples": ["{\"subject\":\"{{ .Subject }}\"}"] } }, - "required": [ - "remote", - "payload" - ], + "required": ["remote", "payload"], "additionalProperties": false }, "configMutatorsCookie": { "type": "object", "title": "Cookie Mutator Configuration", "description": "This section is optional when the mutator is disabled.", - "required": [ - "cookies" - ], + "required": ["cookies"], "properties": { "cookies": { "type": "object", @@ -821,9 +738,7 @@ "type": "object", "title": "Header Mutator Configuration", "description": "This section is optional when the mutator is disabled.", - "required": [ - "headers" - ], + "required": ["headers"], "properties": { "headers": { "type": "object", 
@@ -841,9 +756,7 @@ "properties": { "api": { "additionalProperties": false, - "required": [ - "url" - ], + "required": ["url"], "type": "object", "properties": { "url": { @@ -855,10 +768,7 @@ "additionalProperties": false, "properties": { "basic": { - "required": [ - "username", - "password" - ], + "required": ["username", "password"], "type": "object", "additionalProperties": false, "properties": { @@ -878,19 +788,14 @@ } } }, - "required": [ - "api" - ], + "required": ["api"], "additionalProperties": false }, "configMutatorsIdToken": { "type": "object", "title": "ID Token Mutator Configuration", "description": "This section is optional when the mutator is disabled.", - "required": [ - "jwks_url", - "issuer_url" - ], + "required": ["jwks_url", "issuer_url"], "properties": { "claims": { "type": "string" @@ -917,11 +822,7 @@ "description": "Sets the time-to-live of the JSON Web Token.", "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "default": "15m", - "examples": [ - "1h", - "1m", - "30s" - ] + "examples": ["1h", "1m", "30s"] } }, "additionalProperties": false @@ -947,10 +848,7 @@ "host": { "type": "string", "default": "", - "examples": [ - "localhost", - "127.0.0.1" - ], + "examples": ["localhost", "127.0.0.1"], "title": "Host", "description": "The network interface to listen on." }, @@ -976,10 +874,7 @@ "host": { "type": "string", "default": "", - "examples": [ - "localhost", - "127.0.0.1" - ], + "examples": ["localhost", "127.0.0.1"], "title": "Host", "description": "The network interface to listen on. Leave empty to listen on all interfaces." }, @@ -995,11 +890,7 @@ "default": "5s", "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "description": "The maximum duration for reading the entire request, including the body.", - "examples": [ - "5s", - "5m", - "5h" - ] + "examples": ["5s", "5m", "5h"] }, "write": { "title": "HTTP Write Timeout", 
@@ -1007,11 +898,7 @@ "default": "120s", "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "description": "The maximum duration before timing out writes of the response. Increase this parameter to prevent unexpected closing a client connection if an upstream request is responding slowly.", - "examples": [ - "5s", - "5m", - "5h" - ] + "examples": ["5s", "5m", "5h"] }, "idle": { "title": "HTTP Idle Timeout", @@ -1019,11 +906,7 @@ "default": "120s", "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "description": " The maximum amount of time to wait for any action of a request session, reading data or writing the response.", - "examples": [ - "5s", - "5m", - "5h" - ] + "examples": ["5s", "5m", "5h"] } } }, @@ -1049,10 +932,7 @@ "host": { "type": "string", "default": "", - "examples": [ - "localhost", - "127.0.0.1" - ], + "examples": ["localhost", "127.0.0.1"], "title": "Host", "description": "The network interface to listen on. Leave empty to listen on all interfaces." }, @@ -1093,13 +973,8 @@ "description": "This an optional field describing matching strategy. Currently supported values are 'glob' and 'regexp'.", "type": "string", "default": "regexp", - "enum": [ - "glob", - "regexp" - ], - "examples": [ - "glob" - ] + "enum": ["glob", "regexp"], + "examples": ["glob"] } } }, @@ -1164,9 +1039,7 @@ "$ref": "#/definitions/configAuthenticatorsCookieSession" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1196,9 +1069,7 @@ "$ref": "#/definitions/configAuthenticatorsJwt" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1228,9 +1099,7 @@ "$ref": "#/definitions/configAuthenticatorsOauth2ClientCredentials" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1260,9 +1129,7 @@ "$ref": "#/definitions/configAuthenticatorsOauth2Introspection" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { 
@@ -1287,14 +1154,8 @@ "items": { "type": "string" }, - "default": [ - "json" - ], - "examples": [ - [ - "redirect" - ] - ] + "default": ["json"], + "examples": [["redirect"]] }, "handlers": { "additionalProperties": false, @@ -1320,9 +1181,7 @@ "$ref": "#/definitions/configErrorsWWWAuthenticate" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1352,9 +1211,7 @@ "$ref": "#/definitions/configErrorsRedirect" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1385,9 +1242,7 @@ "$ref": "#/definitions/configErrorsJSON" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1453,9 +1308,7 @@ "$ref": "#/definitions/configAuthorizersKetoEngineAcpOry" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1485,9 +1338,7 @@ "$ref": "#/definitions/configAuthorizersRemoteJSON" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1536,9 +1387,7 @@ "$ref": "#/definitions/configMutatorsCookie" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1568,9 +1417,7 @@ "$ref": "#/definitions/configMutatorsHeader" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1600,9 +1447,7 @@ "$ref": "#/definitions/configMutatorsHydrator" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { @@ -1632,9 +1477,7 @@ "$ref": "#/definitions/configMutatorsIdToken" } }, - "required": [ - "config" - ] + "required": ["config"] }, { "properties": { 
@@ -1655,24 +1498,14 @@ "level": { "type": "string", "default": "info", - "enum": [ - "panic", - "fatal", - "error", - "warn", - "info", - "debug" - ], + "enum": ["panic", "fatal", "error", "warn", "info", "debug"], "title": "Level", "description": "Debug enables stack traces on errors. Can also be set using environment variable LOG_LEVEL." }, "format": { "type": "string", "default": "text", - "enum": [ - "text", - "json" - ], + "enum": ["text", "json"], "title": "Format", "description": "The log format can either be text or JSON." } @@ -1683,11 +1516,7 @@ "title": "Profiling", "description": "Enables CPU or memory profiling if set. For more details on profiling Go programs read [Profiling Go Programs](https://blog.golang.org/profiling-go-programs).", "type": "string", - "enum": [ - "cpu", - "mem", - "" - ] + "enum": ["cpu", "mem", ""] } }, "required": [], diff --git a/.schemas/mutators.hydrator.schema.json b/.schemas/mutators.hydrator.schema.json index d0cb76a317..24ec133d31 100644 --- a/.schemas/mutators.hydrator.schema.json +++ b/.schemas/mutators.hydrator.schema.json @@ -7,9 +7,7 @@ "properties": { "api": { "additionalProperties": false, - "required": [ - "url" - ], + "required": ["url"], "type": "object", "properties": { "url": { @@ -21,10 +19,7 @@ "additionalProperties": false, "properties": { "basic": { - "required": [ - "username", - "password" - ], + "required": ["username", "password"], "type": "object", "additionalProperties": false, "properties": { @@ -57,8 +52,6 @@ } } }, - "required": [ - "api" - ], + "required": ["api"], "additionalProperties": false } diff --git a/.schemas/mutators.id_token.schema.json b/.schemas/mutators.id_token.schema.json index f4d113ded0..c160f0bc08 100644 --- a/.schemas/mutators.id_token.schema.json +++ b/.schemas/mutators.id_token.schema.json 
@@ -4,7 +4,7 @@ "type": "object", "title": "ID Token Mutator Configuration", "description": "This section is optional when the mutator is disabled.", - "required": ["jwks_url","issuer_url"], + "required": ["jwks_url", "issuer_url"], "properties": { "claims": { "type": "string" @@ -31,11 +31,7 @@ "description": "Sets the time-to-live of the JSON Web Token.", "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", "default": "1m", - "examples": [ - "1h", - "1m", - "30s" - ] + "examples": ["1h", "1m", "30s"] } }, "additionalProperties": false diff --git a/.schemas/mutators.noop.schema.json b/.schemas/mutators.noop.schema.json index ee7fb89ad1..dc707bad7b 100644 --- a/.schemas/mutators.noop.schema.json +++ b/.schemas/mutators.noop.schema.json @@ -4,7 +4,6 @@ "type": "object", "title": "NoOp Mutator Configuration", "description": "This section is optional when the mutator is disabled.", - "properties": { - }, + "properties": {}, "additionalProperties": false } diff --git a/.schemas/scope_strategy.schema.json b/.schemas/scope_strategy.schema.json index 060834f2f8..cfd35c09dc 100644 --- a/.schemas/scope_strategy.schema.json +++ b/.schemas/scope_strategy.schema.json @@ -3,12 +3,7 @@ "$schema": "http://json-schema.org/draft-07/schema#", "title": "Scope Strategy", "type": "string", - "enum": [ - "hierarchic", - "exact", - "wildcard", - "none" - ], + "enum": ["hierarchic", "exact", "wildcard", "none"], "default": "none", "description": "Sets the strategy validation algorithm." } diff --git a/Makefile b/Makefile index 935f4568f0..8cac564f79 100644 --- a/Makefile +++ b/Makefile @@ -34,10 +34,6 @@ format: .bin/goimports node_modules bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -b .bin ory v0.1.22 touch -a -m .bin/ory -# Generates the SDKs -.PHONY: sdk -sdk: .bin/packr2 .bin/swagger .bin/ory - # Generates the SDK .PHONY: sdk sdk: .bin/swagger .bin/ory node_modules diff --git a/README.md b/README.md index 349358ad6f..32fe801d9b 100644 --- a/README.md +++ b/README.md 
@@ -86,21 +86,17 @@ on Linux, macOS, Windows, and Docker and how to build ORY Oathkeeper from source -The Ory community stands on the shoulders of individuals, companies, and -maintainers. We thank everyone involved - from submitting bug reports and -feature requests, to contributing patches, to sponsoring our work. Our community -is 1000+ strong and growing rapidly. The Ory stack protects 16.000.000.000+ API -requests every month with over 250.000+ active service nodes. We would have +The Ory community stands on the shoulders of individuals, companies, and maintainers. We thank everyone involved - from submitting +bug reports and feature requests, to contributing patches, to sponsoring our work. Our community is 1000+ strong and growing +rapidly. The Ory stack protects 16.000.000.000+ API requests every month with over 250.000+ active service nodes. We would have never been able to achieve this without each and everyone of you! -The following list represents companies that have accompanied us along the way -and that have made outstanding contributions to our ecosystem. _If you think -that your company deserves a spot here, reach out to +The following list represents companies that have accompanied us along the way and that have made outstanding contributions to our +ecosystem. _If you think that your company deserves a spot here, reach out to office-muc@ory.sh now_! -**Please consider giving back by becoming a sponsor of our open source work on -Patreon or -Open Collective.** +**Please consider giving back by becoming a sponsor of our open source work on Patreon +or Open Collective.** 
@@ -267,10 +263,8 @@ as well as all of our backers -and past & current supporters (in alphabetical order) on -[Patreon](https://www.patreon.com/_ory): Alexander Alimovs, Billy, Chancy -Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans, -TheCrealm. +and past & current supporters (in alphabetical order) on [Patreon](https://www.patreon.com/_ory): Alexander Alimovs, Billy, Chancy +Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans, TheCrealm. \* Uses one of Ory's major projects in production. 
@@ -280,51 +274,42 @@ TheCrealm. -We build Ory on several guiding principles when it comes to our architecture -design: +We build Ory on several guiding principles when it comes to our architecture design: - Minimal dependencies - Runs everywhere - Scales without effort - Minimize room for human and network errors -Ory's architecture is designed to run best on a Container Orchestration system -such as Kubernetes, CloudFoundry, OpenShift, and similar projects. Binaries are -small (5-15MB) and available for all popular processor types (ARM, AMD64, i386) -and operating systems (FreeBSD, Linux, macOS, Windows) without system -dependencies (Java, Node, Ruby, libxml, ...). +Ory's architecture is designed to run best on a Container Orchestration system such as Kubernetes, CloudFoundry, OpenShift, and +similar projects. Binaries are small (5-15MB) and available for all popular processor types (ARM, AMD64, i386) and operating +systems (FreeBSD, Linux, macOS, Windows) without system dependencies (Java, Node, Ruby, libxml, ...). ### Ory Kratos: Identity and User Infrastructure and Management -[Ory Kratos](https://github.com/ory/kratos) is an API-first Identity and User -Management system that is built according to -[cloud architecture best practices](https://www.ory.sh/docs/next/ecosystem/software-architecture-philosophy). -It implements core use cases that almost every software application needs to -deal with: Self-service Login and Registration, Multi-Factor Authentication -(MFA/2FA), Account Recovery and Verification, Profile, and Account Management. +[Ory Kratos](https://github.com/ory/kratos) is an API-first Identity and User Management system that is built according to +[cloud architecture best practices](https://www.ory.sh/docs/next/ecosystem/software-architecture-philosophy). 
It implements core +use cases that almost every software application needs to deal with: Self-service Login and Registration, Multi-Factor +Authentication (MFA/2FA), Account Recovery and Verification, Profile, and Account Management. ### Ory Hydra: OAuth2 & OpenID Connect Server -[Ory Hydra](https://github.com/ory/hydra) is an OpenID Certified™ OAuth2 and -OpenID Connect Provider which easily connects to any existing identity system by -writing a tiny "bridge" application. Gives absolute control over user interface -and user experience flows. +[Ory Hydra](https://github.com/ory/hydra) is an OpenID Certified™ OAuth2 and OpenID Connect Provider which easily connects to any +existing identity system by writing a tiny "bridge" application. Gives absolute control over user interface and user experience +flows. ### Ory Oathkeeper: Identity & Access Proxy -[Ory Oathkeeper](https://github.com/ory/oathkeeper) is a BeyondCorp/Zero Trust -Identity & Access Proxy (IAP) with configurable authentication, authorization, -and request mutation rules for your web services: Authenticate JWT, Access -Tokens, API Keys, mTLS; Check if the contained subject is allowed to perform the -request; Encode resulting content into custom headers (`X-User-ID`), JSON Web -Tokens and more! +[Ory Oathkeeper](https://github.com/ory/oathkeeper) is a BeyondCorp/Zero Trust Identity & Access Proxy (IAP) with configurable +authentication, authorization, and request mutation rules for your web services: Authenticate JWT, Access Tokens, API Keys, mTLS; +Check if the contained subject is allowed to perform the request; Encode resulting content into custom headers (`X-User-ID`), JSON +Web Tokens and more! ### Ory Keto: Access Control Policies as a Server -[Ory Keto](https://github.com/ory/keto) is a policy decision point. It uses a -set of access control policies, similar to AWS IAM Policies, in order to -determine whether a subject (user, application, service, car, ...) 
is authorized -to perform a certain action on a resource. +[Ory Keto](https://github.com/ory/keto) is a policy decision point. It uses a set of access control policies, similar to AWS IAM +Policies, in order to determine whether a subject (user, application, service, car, ...) is authorized to perform a certain action +on a resource. diff --git a/docker-compose.yml b/docker-compose.yml index 66dbf230ec..a1e4a71874 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,10 +6,9 @@ services: context: . dockerfile: Dockerfile-dc ports: - - "4455:4455" - - "4456:4456" - command: - serve --config=/etc/config/oathkeeper/config.yaml + - '4455:4455' + - '4456:4456' + command: serve --config=/etc/config/oathkeeper/config.yaml environment: - TRACING_PROVIDER=jaeger - TRACING_PROVIDER_JAEGER_SAMPLING_SERVER_URL=http://jaeger:5778/sampling @@ -24,7 +23,7 @@ services: jaeger: image: jaegertracing/all-in-one ports: - - "16686:16686" # The UI port + - '16686:16686' # The UI port # These are ports for collecting, sampling, agents, ... # - "5775:5775/udp" # - "6831:6831/udp" diff --git a/docs/README.md b/docs/README.md index 215a06a3eb..7e51f63c3d 100644 --- a/docs/README.md +++ b/docs/README.md @@ -2,4 +2,5 @@ Please find the documentation at [www.ory.sh/docs/oathkeeper](https://www.ory.sh/docs/oathkeeper). -To contribute to the documentation, please head over to: [github.com/ory/docs/tree/master/docs/oathkeeper](https://github.com/ory/docs/tree/master/docs/oathkeeper) +To contribute to the documentation, please head over to: +[github.com/ory/docs/tree/master/docs/oathkeeper](https://github.com/ory/docs/tree/master/docs/oathkeeper) diff --git a/go.sum b/go.sum index 02a61a8898..6699226f91 100644 --- a/go.sum +++ b/go.sum 
@@ -91,19 +91,13 @@ github.com/DataDog/datadog-go v4.0.0+incompatible h1:Dq8Dr+4sV1gBO1sHDWdW+4G+Pds github.com/DataDog/datadog-go v4.0.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/sketches-go v0.0.0-20190923095040-43f19ad77ff7/go.mod h1:Q5DbzQ+3AkgGwymQO7aZFNP7ns2lZKGtvRBzRXfdi60= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= -github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= -github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.1.0 h1:Y2lUDsFKVRSYGojLJ1yLxSXdMmMYTYls0rCvoqmMUQk= -github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig/v3 v3.1.0 h1:j7GpgZ7PdFqNsmncycTHsLmVPf5/3wJtlgW9TNDYD9Y= -github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= 
@@ -763,8 +757,6 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ= -github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= @@ -1163,7 +1155,6 @@ github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLS github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 h1:pntxY8Ary0t43dCZ5dqY4YTJCObLY1kIXl0uzMv+7DE= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= diff --git a/internal/config/.oathkeeper.yaml b/internal/config/.oathkeeper.yaml index 5195aae6dc..1d02a97b46 100644 --- a/internal/config/.oathkeeper.yaml +++ b/internal/config/.oathkeeper.yaml @@ -115,8 +115,7 @@ errors: config: verbose: true when: - - - error: + - error: - unauthorized - forbidden - internal_server_error 
@@ -137,7 +136,6 @@ authenticators: enabled: true config: - # Sets the anonymous username. Defaults to "anonymous". Common names include "guest", "anon", "anonymous", "unknown". subject: guest @@ -147,7 +145,6 @@ authenticators: enabled: true config: - # Sets the origin to proxy requests to. If the response is a 200 with body `{ "subject": "...", "extra": {} }` # The request will pass the subject through successfully, otherwise it will be marked as unauthorized check_session_url: https://session-store-host @@ -163,7 +160,6 @@ authenticators: enabled: true config: - # REQUIRED IF ENABLED - The URL where ORY Oathkeeper can retrieve JSON Web Keys from for validating the JSON Web # Token. Usually something like "https://my-keys.com/.well-known/jwks.json". The response of that endpoint must # return a JSON Web Key Set (JWKS). @@ -187,7 +183,6 @@ authenticators: enabled: true config: - # REQUIRED IF ENABLED - The OAuth 2.0 Token Endpoint that will be used to validate the client credentials. token_url: https://my-website.com/oauth2/token @@ -197,7 +192,6 @@ authenticators: enabled: true config: - # REQUIRED IF ENABLED - The OAuth 2.0 Token Introspection endpoint. introspection_url: https://my-website.com/oauth2/introspection @@ -274,7 +268,7 @@ authorizers: config: remote: https://host/path - payload: "{}" + payload: '{}' forward_response_headers_to_upstream: - x-foo diff --git a/package-lock.json b/package-lock.json index 2a2db3a67b..d9f59a1608 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,7 @@ "devDependencies": { "doctoc": "^2.0.0", "ory-prettier-styles": "1.2.0", - "prettier": "2.2.1" + "prettier": "2.6.2" } }, "node_modules/@nestjs/common": { 
@@ -1866,15 +1866,18 @@ "integrity": "sha512-jczvQbCUS7XmS7o+y1aEO9OBVFeZBQ1MDSEqmO7xSoPgOPoowY/SxLpZ6Vh97/8qHZOteiCKb7gkG9gA2ZUxJA==" }, "node_modules/prettier": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.2.1.tgz", - "integrity": "sha512-PqyhM2yCjg/oKkFPtTGUojv7gnZAoG80ttl45O6x2Ug/rMJw4wcc9k6aaf2hibP7BGVCCM33gZoGjyvt9mm16Q==", + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz", + "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==", "dev": true, "bin": { "prettier": "bin-prettier.js" }, "engines": { "node": ">=10.13.0" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" } }, "node_modules/readable-stream": { @@ -3670,9 +3673,9 @@ "integrity": "sha512-jczvQbCUS7XmS7o+y1aEO9OBVFeZBQ1MDSEqmO7xSoPgOPoowY/SxLpZ6Vh97/8qHZOteiCKb7gkG9gA2ZUxJA==" }, "prettier": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.2.1.tgz", - "integrity": "sha512-PqyhM2yCjg/oKkFPtTGUojv7gnZAoG80ttl45O6x2Ug/rMJw4wcc9k6aaf2hibP7BGVCCM33gZoGjyvt9mm16Q==", + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz", + "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==", "dev": true }, "readable-stream": { diff --git a/package.json b/package.json index 24486f544c..6b41efe0b1 100644 --- a/package.json +++ b/package.json @@ -5,8 +5,8 @@ "license": "Apache-2.0", "scripts": { "doctoc": "doctoc README.md", - "format": "prettier --write ${npm_package_config_prettierTarget}", - "format:check": "prettier --check ${npm_package_config_prettierTarget}" + "format": "prettier --write .", + "format:check": "prettier --check ." }, "browser": { "fs": false 
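Review bot: The new `format` and `format:check` scripts in package.json run Prettier on `.`, so the repository root now decides what gets rewritten instead of the `${npm_package_config_prettierTarget}` value, and nothing in this hunk limits that scope. The other files in this commit show the result: generated specs such as `spec/api.json` and `spec/swagger.json` and the JWKS fixtures under `test/stub/` are reformatted along with hand-written config. No `.prettierignore` is visible here; if none exists, regenerated specs will presumably fail `format:check` until they are reformatted again, and the key-material fixtures are churned in history for no functional reason. I would keep the root target but add ignore entries for generated output, for example a `.prettierignore` line `spec/`, or restore an explicit target such as `"format:check": "prettier --check ${npm_package_config_prettierTarget}"`. The `config` block that defined `prettierTarget` lies outside the hunk and may now be unused.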
@@ -18,7 +18,7 @@ "devDependencies": { "doctoc": "^2.0.0", "ory-prettier-styles": "1.2.0", - "prettier": "2.2.1" + "prettier": "2.6.2" }, "dependencies": { "@openapitools/openapi-generator-cli": "^2.4.26" diff --git a/spec/api.json b/spec/api.json index 9ea55732a2..67d7a2affe 100755 --- a/spec/api.json +++ b/spec/api.json @@ -317,9 +317,7 @@ } }, "summary": "Lists Cryptographic Keys", - "tags": [ - "api" - ] + "tags": ["api"] } }, "/decisions": { @@ -372,9 +370,7 @@ } }, "summary": "Access Control Decision API", - "tags": [ - "api" - ] + "tags": ["api"] } }, "/health/alive": { @@ -392,9 +388,7 @@ "type": "string" } }, - "required": [ - "status" - ], + "required": ["status"], "type": "object" } } @@ -413,9 +407,7 @@ } }, "summary": "Check HTTP Server Status", - "tags": [ - "metadata" - ] + "tags": ["metadata"] } }, "/health/ready": { @@ -433,9 +425,7 @@ "type": "string" } }, - "required": [ - "status" - ], + "required": ["status"], "type": "object" } } @@ -455,9 +445,7 @@ "type": "object" } }, - "required": [ - "errors" - ], + "required": ["errors"], "type": "object" } } @@ -466,9 +454,7 @@ } }, "summary": "Check HTTP Server and Database Status", - "tags": [ - "metadata" - ] + "tags": ["metadata"] } }, "/rules": { @@ -511,9 +497,7 @@ } }, "summary": "List All Rules", - "tags": [ - "api" - ] + "tags": ["api"] } }, "/rules/{id}": { @@ -556,9 +540,7 @@ } }, "summary": "Retrieve a Rule", - "tags": [ - "api" - ] + "tags": ["api"] } }, "/version": { @@ -576,9 +558,7 @@ "type": "string" } }, - "required": [ - "version" - ], + "required": ["version"], "type": "object" } } @@ -587,12 +567,10 @@ } }, "summary": "Return Running Software Version.", - "tags": [ - "metadata" - ] + "tags": ["metadata"] } } }, "x-forwarded-proto": "string", "x-request-id": "string" -} \ No newline at end of file +} diff --git a/spec/swagger.json b/spec/swagger.json index 134657fa92..c1207fe520 100755 --- a/spec/swagger.json +++ b/spec/swagger.json 
@@ -1,14 +1,7 @@ { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], + "consumes": ["application/json"], + "produces": ["application/json"], + "schemes": ["http", "https"], "swagger": "2.0", "info": { "description": "ORY Oathkeeper is a reverse proxy that checks the HTTP Authorization for validity against a set of rules. This service uses Hydra to validate access tokens and policies.", @@ -25,16 +18,9 @@ "/.well-known/jwks.json": { "get": { "description": "This endpoint returns cryptographic keys that are required to, for example, verify signatures of ID Tokens.", - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], - "tags": [ - "api" - ], + "produces": ["application/json"], + "schemes": ["http", "https"], + "tags": ["api"], "summary": "Lists Cryptographic Keys", "operationId": "getWellKnownJSONWebKeys", "responses": { @@ -56,13 +42,8 @@ "/decisions": { "get": { "description": "\u003e This endpoint works with all HTTP Methods (GET, POST, PUT, ...) and matches every path prefixed with /decision.\n\nThis endpoint mirrors the proxy capability of ORY Oathkeeper's proxy functionality but instead of forwarding the\nrequest to the upstream server, returns 200 (request should be allowed), 401 (unauthorized), or 403 (forbidden)\nstatus codes. This endpoint can be used to integrate with other API Proxies like Ambassador, Kong, Envoy, and many more.", - "schemes": [ - "http", - "https" - ], - "tags": [ - "api" - ], + "schemes": ["http", "https"], + "tags": ["api"], "summary": "Access Control Decision API", "operationId": "decisions", "responses": { 
@@ -99,12 +80,8 @@ "/health/alive": { "get": { "description": "This endpoint returns a 200 status code when the HTTP server is up running.\nThis status does currently not include checks whether the database connection is working.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", - "produces": [ - "application/json" - ], - "tags": [ - "api" - ], + "produces": ["application/json"], + "tags": ["api"], "summary": "Check Alive Status", "operationId": "isInstanceAlive", "responses": { @@ -126,12 +103,8 @@ "/health/ready": { "get": { "description": "This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g.\nthe database) are responsive as well.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", - "produces": [ - "application/json" - ], - "tags": [ - "api" - ], + "produces": ["application/json"], + "tags": ["api"], "summary": "Check Readiness Status", "operationId": "isInstanceReady", "responses": { @@ -153,19 +126,10 @@ "/rules": { "get": { "description": "This method returns an array of all rules that are stored in the backend. This is useful if you want to get a full\nview of what rules you have currently in place.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], - "tags": [ - "api" - ], + "consumes": ["application/json"], + "produces": ["application/json"], + "schemes": ["http", "https"], + "tags": ["api"], "summary": "List All Rules", "operationId": "listRules", "parameters": [ 
@@ -200,19 +164,10 @@ "/rules/{id}": { "get": { "description": "Use this method to retrieve a rule from the storage. If it does not exist you will receive a 404 error.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], - "tags": [ - "api" - ], + "consumes": ["application/json"], + "produces": ["application/json"], + "schemes": ["http", "https"], + "tags": ["api"], "summary": "Retrieve a Rule", "operationId": "getRule", "parameters": [ @@ -245,12 +200,8 @@ "/version": { "get": { "description": "This endpoint returns the service version typically notated using semantic versioning.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.", - "produces": [ - "application/json" - ], - "tags": [ - "api" - ], + "produces": ["application/json"], + "tags": ["api"], "summary": "Get Service Version", "operationId": "getVersion", "responses": { @@ -265,7 +216,7 @@ } }, "definitions": { - "UUID": {"type": "string", "format": "uuid4"}, + "UUID": { "type": "string", "format": "uuid4" }, "Upstream": { "description": "Upstream Upstream Upstream Upstream Upstream Upstream Upstream Upstream Upstream Upstream Upstream Upstream Upstream upstream", "type": "object", @@ -531,4 +482,4 @@ }, "x-forwarded-proto": "string", "x-request-id": "string" -} \ No newline at end of file +} diff --git a/test/e2e/config.yml b/test/e2e/config.yml index 38b83fee51..f2ec9031c0 100644 --- a/test/e2e/config.yml +++ b/test/e2e/config.yml @@ -28,4 +28,4 @@ serve: port: 6661 log: - level: debug \ No newline at end of file + level: debug diff --git a/test/e2e/e2e-rules.json b/test/e2e/e2e-rules.json index ff9bd16d81..da24eebec1 100644 --- a/test/e2e/e2e-rules.json +++ b/test/e2e/e2e-rules.json 
@@ -6,9 +6,7 @@ }, "match": { "url": "http://127.0.0.1:<6660|6661>/jwt", - "methods": [ - "GET" - ] + "methods": ["GET"] }, "authenticators": [ { diff --git a/test/forwarded-header/rules.1.json b/test/forwarded-header/rules.1.json index 27d8824b9b..f1d1d0ec02 100644 --- a/test/forwarded-header/rules.1.json +++ b/test/forwarded-header/rules.1.json @@ -6,9 +6,7 @@ }, "match": { "url": "http://127.0.0.1:6060/http", - "methods": [ - "GET" - ] + "methods": ["GET"] }, "authenticators": [ { @@ -31,9 +29,7 @@ }, "match": { "url": "https://127.0.0.1:6060/https", - "methods": [ - "GET" - ] + "methods": ["GET"] }, "authenticators": [ { diff --git a/test/reload/rules.1.json b/test/reload/rules.1.json index e9c8bfd6b6..3d6532e210 100644 --- a/test/reload/rules.1.json +++ b/test/reload/rules.1.json @@ -6,9 +6,7 @@ }, "match": { "url": "http://127.0.0.1:6060/rules", - "methods": [ - "GET" - ] + "methods": ["GET"] }, "authenticators": [ { @@ -24,4 +22,4 @@ } ] } -] \ No newline at end of file +] diff --git a/test/reload/rules.2.json b/test/reload/rules.2.json index 492c96a372..8bd68d76de 100644 --- a/test/reload/rules.2.json +++ b/test/reload/rules.2.json @@ -6,9 +6,7 @@ }, "match": { "url": "http://127.0.0.1:6060/rules", - "methods": [ - "GET" - ] + "methods": ["GET"] }, "authenticators": [ { @@ -24,4 +22,4 @@ } ] } -] \ No newline at end of file +] diff --git a/test/reload/rules.3.1.json b/test/reload/rules.3.1.json index 4215bfc4f6..9610a468e5 100644 --- a/test/reload/rules.3.1.json +++ b/test/reload/rules.3.1.json @@ -6,9 +6,7 @@ }, "match": { "url": "http://127.0.0.1:6060/other-rules", - "methods": [ - "GET" - ] + "methods": ["GET"] }, "authenticators": [ { @@ -24,4 +22,4 @@ } ] } -] \ No newline at end of file +] diff --git a/test/reload/rules.3.2.json b/test/reload/rules.3.2.json index 50689215f0..842cdc0bf1 100644 --- a/test/reload/rules.3.2.json +++ b/test/reload/rules.3.2.json 
@@ -6,9 +6,7 @@ }, "match": { "url": "http://127.0.0.1:6060/other-rules", - "methods": [ - "GET" - ] + "methods": ["GET"] }, "authenticators": [ { @@ -24,4 +22,4 @@ } ] } -] \ No newline at end of file +] diff --git a/test/stub/jwks-ecdsa.json b/test/stub/jwks-ecdsa.json index 4bc7db8bc7..3b5a6d93d4 100644 --- a/test/stub/jwks-ecdsa.json +++ b/test/stub/jwks-ecdsa.json @@ -1,6 +1,23 @@ { "keys": [ - {"kid":"21d9eefe-34b6-42b3-b643-2b30e0ab59e0","use":"sig","kty":"EC","crv":"P-256","alg":"ES256","x":"kiqIyeqJSFUSVpXkqFFzs1ZjmNv0zcRVFVwBAxt_g9U","y":"0bpeB75l6lJQs6t5tUkQcaa1yNd8W2o50zYWd-xjeFU"}, - {"kid":"76a19c1b-5dbe-46cb-b3f3-a8c38c8bb8eb","use":"sig","kty":"EC","crv":"P-256","alg":"ES256","x":"kiqIyeqJSFUSVpXkqFFzs1ZjmNv0zcRVFVwBAxt_g9U","y":"0bpeB75l6lJQs6t5tUkQcaa1yNd8W2o50zYWd-xjeFU","d":"6vMo_q1f-OvMBDbnPL7d2cTRIi-izFY-G5j8AhJmZ3M"} + { + "kid": "21d9eefe-34b6-42b3-b643-2b30e0ab59e0", + "use": "sig", + "kty": "EC", + "crv": "P-256", + "alg": "ES256", + "x": "kiqIyeqJSFUSVpXkqFFzs1ZjmNv0zcRVFVwBAxt_g9U", + "y": "0bpeB75l6lJQs6t5tUkQcaa1yNd8W2o50zYWd-xjeFU" + }, + { + "kid": "76a19c1b-5dbe-46cb-b3f3-a8c38c8bb8eb", + "use": "sig", + "kty": "EC", + "crv": "P-256", + "alg": "ES256", + "x": "kiqIyeqJSFUSVpXkqFFzs1ZjmNv0zcRVFVwBAxt_g9U", + "y": "0bpeB75l6lJQs6t5tUkQcaa1yNd8W2o50zYWd-xjeFU", + "d": "6vMo_q1f-OvMBDbnPL7d2cTRIi-izFY-G5j8AhJmZ3M" + } ] } diff --git a/test/stub/jwks-hs.json b/test/stub/jwks-hs.json index 9908a5202e..f346d068dc 100644 --- a/test/stub/jwks-hs.json +++ b/test/stub/jwks-hs.json @@ -8,4 +8,4 @@ "use": "sig" } ] -} \ No newline at end of file +} diff --git a/test/stub/jwks-rsa-single.json b/test/stub/jwks-rsa-single.json index 5de0bd45d7..dfd082a1e0 100644 --- a/test/stub/jwks-rsa-single.json +++ b/test/stub/jwks-rsa-single.json 
@@ -15,4 +15,4 @@ "n": "hAH9gk97KfX-umWitXhTD32qYoPfQoTseOBnTUA2V_jhlKBxC2w2jjDFauLLMtaQmXKQ1Soc0Q0Q5rbmD3hx5xkyMWP7PXqB3nnKYnyFXZDRIK8xG4RiVWZz82c5-Vy6BYLLVB1h9xEcwcIlcswAx9PQw4qlarhPWJMWMUroUS_YgJrGlDRCaGO5649zQpajJOqPZZwJDlX0aunjlJ4U6arcLidGaedzPNA6k2jxxDBZs7Qo5aidZ3BHaQlZQT8LI_AcHgDR_x4ExExYL9HSR4miYfH3BnxH4U3KKASLaZe9iz724rjomyVclFLW_GCAKnC6HKDxV-IUlAGYORH0hQ" } ] -} \ No newline at end of file +} diff --git a/test/stub/rules.json b/test/stub/rules.json index 9d9b270a52..4f0d5243ad 100644 --- a/test/stub/rules.json +++ b/test/stub/rules.json @@ -8,10 +8,7 @@ }, "match": { "url": "myproxy.com/api", - "methods": [ - "GET", - "POST" - ] + "methods": ["GET", "POST"] }, "authenticators": [ { @@ -39,10 +36,7 @@ }, "match": { "url": "myproxy.com/api", - "methods": [ - "GET", - "POST" - ] + "methods": ["GET", "POST"] }, "authenticators": [ { @@ -78,10 +72,7 @@ }, "match": { "url": "myproxy.com/api", - "methods": [ - "GET", - "POST" - ] + "methods": ["GET", "POST"] }, "authenticators": [ { @@ -103,4 +94,4 @@ } ] } -] \ No newline at end of file +] diff --git a/test/update/config_default.yaml b/test/update/config_default.yaml index a11b1ef842..8b1a26086c 100644 --- a/test/update/config_default.yaml +++ b/test/update/config_default.yaml @@ -1,2 +1,2 @@ access_rules: - repositories: file://../test/update/rules_glob.yaml \ No newline at end of file + repositories: file://../test/update/rules_glob.yaml diff --git a/test/update/config_error.yaml b/test/update/config_error.yaml index a9c0376ca6..e8a0fcf790 100644 --- a/test/update/config_error.yaml +++ b/test/update/config_error.yaml @@ -1,3 +1,3 @@ access_rules: repositories: file://../test/update/rules_glob.yaml - matching_strategy: UNKNOWN \ No newline at end of file + matching_strategy: UNKNOWN diff --git a/test/update/config_glob.yaml b/test/update/config_glob.yaml index ec4aba7b3d..51d4d20674 100644 --- a/test/update/config_glob.yaml +++ b/test/update/config_glob.yaml 
@@ -1,3 +1,3 @@ access_rules: repositories: file://../test/update/rules_glob.yaml - matching_strategy: glob \ No newline at end of file + matching_strategy: glob diff --git a/test/update/config_no_repo.yaml b/test/update/config_no_repo.yaml index 304048484a..d8846d1b76 100644 --- a/test/update/config_no_repo.yaml +++ b/test/update/config_no_repo.yaml @@ -1,2 +1,2 @@ access_rules: - repositories: \ No newline at end of file + repositories: diff --git a/test/update/config_regexp.yaml b/test/update/config_regexp.yaml index 369ac5c545..6163c6c4b5 100644 --- a/test/update/config_regexp.yaml +++ b/test/update/config_regexp.yaml @@ -1,3 +1,3 @@ access_rules: repositories: file://../test/update/rules_glob.yaml - matching_strategy: regexp \ No newline at end of file + matching_strategy: regexp diff --git a/test/update/rules_glob.yaml b/test/update/rules_glob.yaml index e898ab305a..3941a16436 100644 --- a/test/update/rules_glob.yaml +++ b/test/update/rules_glob.yaml @@ -3,4 +3,4 @@ url: myproxy.com/ methods: - GET - - POST \ No newline at end of file + - POST