{
  "name": "proxy-connect",
  "condition": "${find(request.uri.path, '^/proxy-connect')}",
  "properties": {
    "gatewayUsername": "ig_agent",
    "gatewayPasswordSecretId": "agent.secret.id",
    "amServiceUrl": "https://myTenant.forgeblocks.com/am"
  },
  "heap": [
    {
      "name": "SystemAndEnvSecretStore-1",
      "type": "SystemAndEnvSecretStore"
    },
    {
      "name": "SecurityHeaderFilter",
      "type": "HeaderFilter",
      "config": {
        "messageType": "REQUEST",
        "add": {
          "X-Security-Header": [
            "f1drybngmzqj5loposddd5p98z886jp9"
          ]
        },
        "_comment": "The Proxy Connect rule you configure matches this header."
      },
      "capture": "filtered_request"
    },
    {
      "name": "AmService-1",
      "type": "AmService",
      "config": {
        "url": "&{amServiceUrl}",
        "realm": "/alpha",
        "agent": {
          "username": "&{gatewayUsername}",
          "passwordSecretId": "&{gatewayPasswordSecretId}"
        },
        "secretsProvider": "SystemAndEnvSecretStore-1",
        "amHandler": {
          "type": "Chain",
          "config": {
            "filters": [
              "SecurityHeaderFilter"
            ],
            "handler": "ForgeRockClientHandler"
          }
        },
        "notifications": {
          "_comment": "Avoid UpgradeRejectedException: WebSocket upgrade failure: 404",
          "enabled": false
        }
      }
    }
  ],
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "name": "OAuth2ResourceServerFilter-1",
          "type": "OAuth2ResourceServerFilter",
          "config": {
            "scopes": [
              "mail"
            ],
            "requireHttps": false,
            "accessTokenResolver": {
              "name": "TokenIntrospectionAccessTokenResolver-1",
              "type": "TokenIntrospectionAccessTokenResolver",
              "config": {
                "amService": "AmService-1",
                "providerHandler": {
                  "type": "Chain",
                  "config": {
                    "filters": [
                      "SecurityHeaderFilter",
                      {
                        "type": "HttpBasicAuthenticationClientFilter",
                        "config": {
                          "username": "&{gatewayUsername}",
                          "passwordSecretId": "&{gatewayPasswordSecretId}",
                          "secretsProvider": "SystemAndEnvSecretStore-1"
                        }
                      }
                    ],
                    "handler": "ForgeRockClientHandler"
                  }
                }
              }
            }
          }
        }
      ],
      "handler": {
        "type": "StaticResponseHandler",
        "config": {
          "status": 200,
          "headers": {
            "Content-Type": [
              "text/html; charset=UTF-8"
            ]
          },
          "entity": "<html><body><h2>Decoded access_token: ${contexts.oauth2.accessToken.info}</h2></body></html>"
        }
      }
    }
  }
}