FapiWellKnownFilterChain
A filter chain to validate requests to well-known endpoints and make sure they produce OAuth 2.0 clients that comply with the following FAPI specifications:
Put this filter before other filters to reject requests that would result in creating an OAuth 2.0 client that doesn’t comply with the FAPI specifications.
Usage
{
    "name": string,
    "type": "FapiWellKnownFilterChain",
    "config": {
        "forwardedHost": string,
        "mtlsEndpoints": {
            "endpointNames": [ configuration expression<string>, ... ],
            "mtlsHostname": string
        },
        "supportedTokenEndpointAuthMethods": [ configuration expression<string>, ... ]
    }
}
Properties
"forwardedHost": string, required
The forwarded host added to the endpoint request.

"mtlsEndpoints": object, required
Well-known endpoints to reconfigure to use mTLS.

"supportedTokenEndpointAuthMethods": array of configuration expression<strings>, optional
The supported OAuth 2.0 token_endpoint_auth_method values.
Default: private_key_jwt, self_signed_tls_client_auth, tls_client_auth
Example
{
    "name": "FapiWellKnownFilterChain",
    "type": "FapiWellKnownFilterChain",
    "config": {
        "forwardedHost" : "&{as.fqdn}",
        "mtlsEndpoints" : {
            "endpointNames" : [ "authorization_endpoint", "registration_endpoint", "token_endpoint" ],
            "mtlsHostname" : "&{as.mtls.fqdn}"
        }
    }
}
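A pre-deployment check for declarations of this filter, added here as an example and not part of the product or its documentation: it walks a JSON configuration, finds every FapiWellKnownFilterChain object, and reports missing required properties and any supportedTokenEndpointAuthMethods value outside the defaults listed above. The function names, the sample configuration, and the policy of reporting non-default methods are assumptions of this example.

```python
import json

# Defaults this page lists for supportedTokenEndpointAuthMethods.
DOCUMENTED_AUTH_METHODS = {"private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth"}
REQUIRED = ("forwardedHost", "mtlsEndpoints")  # marked "required" on this page

def find_filters(node):
    """Yield every FapiWellKnownFilterChain object anywhere in a parsed config."""
    if isinstance(node, dict):
        if node.get("type") == "FapiWellKnownFilterChain":
            yield node
        for value in node.values():
            yield from find_filters(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_filters(item)

def lint(config_text):
    """Return findings (strings) for each filter declaration in the JSON text."""
    findings = []
    for flt in find_filters(json.loads(config_text)):
        name = flt.get("name", "<unnamed>")
        cfg = flt.get("config")
        if not isinstance(cfg, dict):
            findings.append(f"{name}: missing config object")
            continue
        for key in REQUIRED:
            if key not in cfg:
                findings.append(f"{name}: missing required property {key}")
        # Example policy (assumption): report anything outside the documented defaults.
        for method in cfg.get("supportedTokenEndpointAuthMethods") or []:
            if method not in DOCUMENTED_AUTH_METHODS:
                findings.append(f"{name}: auth method {method} is outside the documented defaults")
    return findings

# Constructed sample (not from the page): one complete filter, one weakened one.
SAMPLE = """{"heap": [
  {"name": "WellKnownStrict", "type": "FapiWellKnownFilterChain",
   "config": {"forwardedHost": "&{as.fqdn}",
              "mtlsEndpoints": {"endpointNames": ["token_endpoint"],
                                "mtlsHostname": "&{as.mtls.fqdn}"}}},
  {"name": "WellKnownWeak", "type": "FapiWellKnownFilterChain",
   "config": {"forwardedHost": "&{as.fqdn}",
              "supportedTokenEndpointAuthMethods": ["private_key_jwt", "client_secret_basic"]}}
]}"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Values written as configuration expressions, such as "&{...}", are not resolved by this check and are reported for manual review when they appear in the auth method list.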