From fa1f37dc90be611e9a53a17fe33c03b3ddaa9989 Mon Sep 17 00:00:00 2001 From: kyy Date: Mon, 2 Feb 2026 14:43:55 +0900 Subject: [PATCH] =?UTF-8?q?Oathkeeper=20API=20=EC=95=A1=EC=84=B8=EC=8A=A4?= =?UTF-8?q?=20=EA=B7=9C=EC=B9=99=20=EB=B0=8F=20=EA=B2=BD=EB=A1=9C=20?= =?UTF-8?q?=EC=97=85=EB=8D=B0=EC=9D=B4=ED=8A=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/ory/oathkeeper/rules.active.json | 45 +++++++++++++++++++++++++ docker/ory/oathkeeper/rules.json | 45 +++++++++++++++++++++++++ docker/ory/oathkeeper/rules.stage.json | 45 +++++++++++++++++++++++++ 3 files changed, 135 insertions(+) diff --git a/docker/ory/oathkeeper/rules.active.json b/docker/ory/oathkeeper/rules.active.json index 921b8366..42a09d19 100755 --- a/docker/ory/oathkeeper/rules.active.json +++ b/docker/ory/oathkeeper/rules.active.json @@ -83,6 +83,21 @@ "authorizer": { "handler": "allow" }, "mutators": [{ "handler": "noop" }] }, + { + "id": "hydra-well-known-oidc", + "description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)", + "match": { + "url": "<.*>://sso-test.hmac.kr/oidc/.well-known/<.*>", + "methods": ["GET", "OPTIONS"] + }, + "upstream": { + "url": "http://hydra:4444", + "strip_path_prefix": "/oidc" + }, + "authenticators": [{ "handler": "noop" }], + "authorizer": { "handler": "allow" }, + "mutators": [{ "handler": "noop" }] + }, { "id": "hydra-oauth2", "description": "Hydra OAuth2 Endpoints", @@ -97,6 +112,21 @@ "authorizer": { "handler": "allow" }, "mutators": [{ "handler": "noop" }] }, + { + "id": "hydra-oauth2-oidc", + "description": "Hydra OAuth2 Endpoints (with /oidc prefix)", + "match": { + "url": "<.*>://sso-test.hmac.kr/oidc/oauth2/<.*>", + "methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"] + }, + "upstream": { + "url": "http://hydra:4444", + "strip_path_prefix": "/oidc" + }, + "authenticators": [{ "handler": "noop" }], + "authorizer": { "handler": "allow" }, + "mutators": [{ "handler": "noop" }] + }, { "id": "hydra-userinfo", "description": "Hydra Userinfo", @@ -110,5 +140,20 @@ "authenticators": [{ "handler": "noop" }], "authorizer": { "handler": "allow" }, "mutators": [{ "handler": "noop" }] + }, + { + "id": "hydra-userinfo-oidc", + "description": "Hydra Userinfo (with /oidc prefix)", + "match": { + "url": "<.*>://sso-test.hmac.kr/oidc/userinfo", + "methods": ["GET", "POST", "OPTIONS"] + }, + "upstream": { + "url": "http://hydra:4444", + "strip_path_prefix": "/oidc" + }, + "authenticators": [{ "handler": "noop" }], + "authorizer": { "handler": "allow" }, + "mutators": [{ "handler": "noop" }] } ] diff --git a/docker/ory/oathkeeper/rules.json b/docker/ory/oathkeeper/rules.json index 921b8366..42a09d19 100755 --- a/docker/ory/oathkeeper/rules.json +++ b/docker/ory/oathkeeper/rules.json @@ -83,6 +83,21 @@ "authorizer": { "handler": "allow" }, "mutators": [{ "handler": "noop" }] }, + { + "id": "hydra-well-known-oidc", + "description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)", + "match": { + "url": "<.*>://sso-test.hmac.kr/oidc/.well-known/<.*>", + "methods": ["GET", "OPTIONS"] + }, + "upstream": { + "url": "http://hydra:4444", + "strip_path_prefix": "/oidc" + }, + "authenticators": [{ "handler": "noop" }], + "authorizer": { "handler": "allow" }, + "mutators": [{ "handler": "noop" }] + }, { "id": "hydra-oauth2", "description": "Hydra OAuth2 Endpoints", @@ -97,6 +112,21 @@ "authorizer": { "handler": "allow" }, "mutators": [{ "handler": "noop" }] }, + { + "id": "hydra-oauth2-oidc", + "description": "Hydra OAuth2 Endpoints (with /oidc prefix)", + "match": { + "url": "<.*>://sso-test.hmac.kr/oidc/oauth2/<.*>", + "methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"] + }, + "upstream": { + "url": "http://hydra:4444", + "strip_path_prefix": "/oidc" + }, + "authenticators": [{ "handler": "noop" }], + "authorizer": { "handler": "allow" }, + "mutators": [{ "handler": "noop" }] + }, { "id": "hydra-userinfo", "description": "Hydra Userinfo", @@ -110,5 +140,20 @@ "authenticators": [{ "handler": "noop" }], "authorizer": { "handler": "allow" }, "mutators": [{ "handler": "noop" }] + }, + { + "id": "hydra-userinfo-oidc", + "description": "Hydra Userinfo (with /oidc prefix)", + "match": { + "url": "<.*>://sso-test.hmac.kr/oidc/userinfo", + "methods": ["GET", "POST", "OPTIONS"] + }, + "upstream": { + "url": "http://hydra:4444", + "strip_path_prefix": "/oidc" + }, + "authenticators": [{ "handler": "noop" }], + "authorizer": { "handler": "allow" }, + "mutators": [{ "handler": "noop" }] } ] diff --git a/docker/ory/oathkeeper/rules.stage.json b/docker/ory/oathkeeper/rules.stage.json index e65e9d51..42383387 100755 --- a/docker/ory/oathkeeper/rules.stage.json +++ b/docker/ory/oathkeeper/rules.stage.json @@ -83,6 +83,21 @@ "authorizer": { "handler": "allow" }, "mutators": [{ "handler": "noop" }] }, + { + "id": "hydra-well-known-oidc", + "description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)", + "match": { + "url": "<.*>://sso-test.hmac.kr/oidc/.well-known/<.*>", + "methods": ["GET", "OPTIONS"] + }, + "upstream": { + "url": "http://hydra:4444", + "strip_path_prefix": "/oidc" + }, + "authenticators": [{ "handler": "noop" }], + "authorizer": { "handler": "allow" }, + "mutators": [{ "handler": "noop" }] + }, { "id": "hydra-oauth2", "description": "Hydra OAuth2 Endpoints", @@ -97,6 +112,21 @@ "authorizer": { "handler": "allow" }, "mutators": [{ "handler": "noop" }] }, + { + "id": "hydra-oauth2-oidc", + "description": "Hydra OAuth2 Endpoints (with /oidc prefix)", + "match": { + "url": "<.*>://sso-test.hmac.kr/oidc/oauth2/<.*>", + "methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"] + }, + "upstream": { + "url": "http://hydra:4444", + "strip_path_prefix": "/oidc" + }, + "authenticators": [{ "handler": "noop" }], + "authorizer": { "handler": "allow" }, + "mutators": [{ "handler": "noop" }] + }, { "id": "hydra-userinfo", "description": "Hydra Userinfo", @@ -110,5 +140,20 @@ "authenticators": [{ "handler": "noop" }], "authorizer": { "handler": "allow" }, "mutators": [{ "handler": "noop" }] + }, + { + "id": "hydra-userinfo-oidc", + "description": "Hydra Userinfo (with /oidc prefix)", + "match": { + "url": "<.*>://sso-test.hmac.kr/oidc/userinfo", + "methods": ["GET", "POST", "OPTIONS"] + }, + "upstream": { + "url": "http://hydra:4444", + "strip_path_prefix": "/oidc" + }, + "authenticators": [{ "handler": "noop" }], + "authorizer": { "handler": "allow" }, + "mutators": [{ "handler": "noop" }] } ] \ No newline at end of file