{
  "name": "01 - FAPI-protected resource server API",
  "comment": "Route simulating a resource server API protected using FAPI",
  "condition": "${find(request.uri.path, '^/rs/fapi/api')}",
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "type": "FapiResourceFilterChain",
          "config": {
            "accessTokenResolver": {
              "type": "StatelessAccessTokenResolver",
              "config": {
                "secretsProvider": "AsJwkSecretsProvider",
                "issuer": "https://&{asHostname}/am/oauth2/realms/root/realms/&{realm}",
                "verificationSecretId": "any.value.in.regex.format"
              }
            },
            "apiClientService": "IdmApiClientService",
            "clientCertificate": "${pemCertificate(urlDecode(request.headers['ssl-client-cert'][0]))}",
            "realm": "Gateway",
            "scopes": [
              "openid"
            ]
          }
        }
      ],
      "handler": {
        "name": "ExampleRsApiResponseHandler",
        "type": "ScriptableHandler",
        "config": {
          "type": "application/x-groovy",
          "file": "ExampleRsApiResponseHandler.groovy"
        }
      }
    }
  }
}