Oathkeeper API 액세스 규칙 및 경로 업데이트

2026-02-02 14:43:55 +09:00
parent 8a9bbeeb88
commit fa1f37dc90
3 changed files with 135 additions and 0 deletions
--- a/docker/ory/oathkeeper/rules.active.json
+++ b/docker/ory/oathkeeper/rules.active.json
@@ -83,6 +83,21 @@
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-well-known-oidc",
    "description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)",
    "match": {
      "url": "<.*>://sso-test.hmac.kr/oidc/.well-known/<.*>",
      "methods": ["GET", "OPTIONS"]
    },
    "upstream": {
      "url": "http://hydra:4444",
      "strip_path_prefix": "/oidc"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-oauth2",
    "description": "Hydra OAuth2 Endpoints",
@@ -97,6 +112,21 @@
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-oauth2-oidc",
    "description": "Hydra OAuth2 Endpoints (with /oidc prefix)",
    "match": {
      "url": "<.*>://sso-test.hmac.kr/oidc/oauth2/<.*>",
      "methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
    },
    "upstream": {
      "url": "http://hydra:4444",
      "strip_path_prefix": "/oidc"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-userinfo",
    "description": "Hydra Userinfo",
@@ -110,5 +140,20 @@
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-userinfo-oidc",
    "description": "Hydra Userinfo (with /oidc prefix)",
    "match": {
      "url": "<.*>://sso-test.hmac.kr/oidc/userinfo",
      "methods": ["GET", "POST", "OPTIONS"]
    },
    "upstream": {
      "url": "http://hydra:4444",
      "strip_path_prefix": "/oidc"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  }
 ]
--- a/docker/ory/oathkeeper/rules.json
+++ b/docker/ory/oathkeeper/rules.json
@@ -83,6 +83,21 @@
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-well-known-oidc",
    "description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)",
    "match": {
      "url": "<.*>://sso-test.hmac.kr/oidc/.well-known/<.*>",
      "methods": ["GET", "OPTIONS"]
    },
    "upstream": {
      "url": "http://hydra:4444",
      "strip_path_prefix": "/oidc"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-oauth2",
    "description": "Hydra OAuth2 Endpoints",
@@ -97,6 +112,21 @@
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-oauth2-oidc",
    "description": "Hydra OAuth2 Endpoints (with /oidc prefix)",
    "match": {
      "url": "<.*>://sso-test.hmac.kr/oidc/oauth2/<.*>",
      "methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
    },
    "upstream": {
      "url": "http://hydra:4444",
      "strip_path_prefix": "/oidc"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-userinfo",
    "description": "Hydra Userinfo",
@@ -110,5 +140,20 @@
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-userinfo-oidc",
    "description": "Hydra Userinfo (with /oidc prefix)",
    "match": {
      "url": "<.*>://sso-test.hmac.kr/oidc/userinfo",
      "methods": ["GET", "POST", "OPTIONS"]
    },
    "upstream": {
      "url": "http://hydra:4444",
      "strip_path_prefix": "/oidc"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  }
 ]
--- a/docker/ory/oathkeeper/rules.stage.json
+++ b/docker/ory/oathkeeper/rules.stage.json
@@ -83,6 +83,21 @@
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-well-known-oidc",
    "description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)",
    "match": {
      "url": "<.*>://sso-test.hmac.kr/oidc/.well-known/<.*>",
      "methods": ["GET", "OPTIONS"]
    },
    "upstream": {
      "url": "http://hydra:4444",
      "strip_path_prefix": "/oidc"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-oauth2",
    "description": "Hydra OAuth2 Endpoints",
@@ -97,6 +112,21 @@
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-oauth2-oidc",
    "description": "Hydra OAuth2 Endpoints (with /oidc prefix)",
    "match": {
      "url": "<.*>://sso-test.hmac.kr/oidc/oauth2/<.*>",
      "methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
    },
    "upstream": {
      "url": "http://hydra:4444",
      "strip_path_prefix": "/oidc"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-userinfo",
    "description": "Hydra Userinfo",
@@ -110,5 +140,20 @@
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  },
  {
    "id": "hydra-userinfo-oidc",
    "description": "Hydra Userinfo (with /oidc prefix)",
    "match": {
      "url": "<.*>://sso-test.hmac.kr/oidc/userinfo",
      "methods": ["GET", "POST", "OPTIONS"]
    },
    "upstream": {
      "url": "http://hydra:4444",
      "strip_path_prefix": "/oidc"
    },
    "authenticators": [{ "handler": "noop" }],
    "authorizer": { "handler": "allow" },
    "mutators": [{ "handler": "noop" }]
  }
 ]