{
  "name": "28 - Protect authorization server well-known metadata",
  "baseURI": "https://&{tenantHostname}",
  "condition": "${find(request.uri.path, '^/am/oauth2/realms/root/realms/&{realm}/.well-known/openid-configuration')}",
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "type": "FapiWellKnownFilterChain",
          "config": {
            "forwardedHost": "&{asHostname}",
            "mtlsEndpoints": {
              "endpointNames": [
                "authorization_endpoint",
                "pushed_authorization_request_endpoint",
                "registration_endpoint",
                "token_endpoint"
              ],
              "mtlsHostname": "&{asHostname}"
            },
            "supportedTokenEndpointAuthMethods": "${oauth2.tokenEndpointAuthMethodsSupported}"
          }
        }
      ],
      "handler": "PlatformReverseProxyHandler"
    }
  }
}