serve:
  proxy:
    port: 4455
  api:
    port: 4456

log:
  level: info
  format: json

errors:
  fallback:
    - json

access_rules:
  repositories:
    - file:///etc/config/oathkeeper/rules.active.json

authenticators:
  noop:
    enabled: true
  cookie_session:
    enabled: true
    config:
      check_session_url: http://kratos:4433/sessions/whoami
      preserve_path: true
      extra_from: "@this"
      subject_from: "identity.id"

authorizers:
  allow:
    enabled: true
  remote_json:
    enabled: true
    config:
      remote: http://keto:4466/check
      payload: |
        {
          "namespace": "permissions",
          "object": "{{ print .Request.URL.Path }}",
          "relation": "access",
          "subject_id": "{{ print .Subject }}"
        }

mutators:
  noop:
    enabled: true
  id_token:
    enabled: true
    config:
      issuer_url: http://127.0.0.1:4456/
      jwks_url: file:///etc/config/oathkeeper/jwks.json