path: root/includes/oathkeeper.jsonnet
local main = import "main.jsonnet";

// Authenticator references: each object only names an Oathkeeper authenticator
// by its handler id and carries no per-rule config.
local cookieSessionAuthenticator = { handler: "cookie_session" };
local oauth2ClientCredentialsAuthenticator = { handler: "oauth2_client_credentials" };

// Authorizer reference for the "allow" handler, which performs no permission
// check: a rule that uses it is protected by its authenticator alone.
local allowAuthorizer = { handler: "allow" };
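// Builds a remote_json authorizer that POSTs a relation check to the endpoint
// configured at main.sso.check_api_url: does the request subject hold the
// "access" relation on `object` in the "websites" namespace?
//
// `object` must be a string. It is JSON-escaped and quoted before being placed
// in the payload. A ||| text block does not interpolate Jsonnet variables, so a
// bare `object` inside it would be sent as the literal word `object` and the
// payload would not be valid JSON.
//
// NOTE(review): the payload is rendered as a template at request time, so
// `object` should come from trusted configuration only; template delimiters in
// it would be evaluated. `.Subject` is also placed inside a JSON string without
// escaping. Confirm subject identifiers cannot contain `"` or `\`.
local ketoAuthorizer(object) = {
  handler: "remote_json",
  config: {
    remote: main.sso.check_api_url,
    payload: |||
      {
        "namespace": "websites",
        "subject": "{{ print .Subject }}",
        "object": %(object)s,
        "relation": "access"
      }
    ||| % { object: std.escapeStringJson(object) },
  },
};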

// Error handler that redirects the client to the SSO login page and passes the
// originally requested URL in the "return_to" query parameter.
// NOTE(review): the login endpoint should validate return_to against the
// expected site origins before redirecting back. Confirm on the SSO side.
local errorRedirectHandler = {
  config: {
    return_to_query_param: "return_to",
    to: main.sso.login_url,
  },
  handler: "redirect",
};

// Mutator references, named by handler id only; any handler-specific settings
// are not defined in this file.
local idTokenMutator = {
  handler: "id_token",
};
local headerMutator = {
  handler: "header",
};

// Value of this file: the handler references defined above, grouped by
// pipeline stage (presumably for rule definitions that import it).
{
  // HTTP verbs for rules that should match every method.
  // NOTE(review): the list includes OPTIONS. CORS preflight requests carry no
  // cookies, so confirm rules that combine this list with cookieSession are
  // meant to cover preflights.
  allHttpMethods: ["OPTIONS", "GET", "POST", "PUT", "PATCH", "DELETE"],

  authenticators: {
    oauth2ClientCredentials: oauth2ClientCredentialsAuthenticator,
    cookieSession: cookieSessionAuthenticator,
  },

  authorizers: {
    // No permission check; access is decided by the authenticator alone.
    allow: allowAuthorizer,
    // A function, not an object: call it as keto(object) to get the authorizer.
    keto: ketoAuthorizer,
  },

  errors: {
    redirect: errorRedirectHandler,
  },

  mutators: {
    header: headerMutator,
    idToken: idTokenMutator,
  },
}