github.com/avenga/couper@v1.12.2/server/testdata/oauth2/20_couper.hcl (about) 1 server { 2 hosts = ["*:8080"] 3 4 api { 5 endpoint "/csj" { 6 proxy { 7 backend = "csj" 8 } 9 } 10 11 endpoint "/csj_error" { 12 proxy { 13 backend = "csj_error" 14 } 15 } 16 17 endpoint "/pkj" { 18 proxy { 19 backend = "pkj" 20 } 21 } 22 23 endpoint "/pkj_error" { 24 proxy { 25 backend = "pkj_error" 26 } 27 } 28 } 29 } 30 31 definitions { 32 backend "csj" { 33 origin = "{{.rsOrigin}}" 34 35 oauth2 { 36 token_endpoint = "http://1.1.1.1:9999/token/csj" 37 grant_type = "client_credentials" 38 client_id = "my_clid" 39 client_secret = "my_cls" 40 token_endpoint_auth_method = "client_secret_jwt" 41 jwt_signing_profile { 42 signature_algorithm = "HS256" 43 ttl = "10s" 44 claims = { 45 foo = env.BAR 46 } 47 } 48 } 49 } 50 51 backend "csj_error" { 52 origin = "{{.rsOrigin}}" 53 54 oauth2 { 55 token_endpoint = "http://1.1.1.1:9999/token/csj/error" 56 grant_type = "client_credentials" 57 client_id = "my_clid" 58 client_secret = "my_cls" 59 token_endpoint_auth_method = "client_secret_jwt" 60 jwt_signing_profile { 61 signature_algorithm = "HS256" 62 ttl = "10s" 63 } 64 } 65 } 66 67 backend "pkj" { 68 origin = "{{.rsOrigin}}" 69 70 oauth2 { 71 token_endpoint = "http://1.1.1.1:9999/token/pkj" 72 grant_type = "client_credentials" 73 client_id = "my_clid" 74 token_endpoint_auth_method = "private_key_jwt" 75 jwt_signing_profile { 76 key_file = "./testdata/oauth2/pkcs8.key" 77 signature_algorithm = "RS256" 78 ttl = "10s" 79 claims = { 80 aud = "some explicit value" 81 foo = to_lower(env.BAR) 82 } 83 } 84 } 85 } 86 87 backend "pkj_error" { 88 origin = "{{.rsOrigin}}" 89 90 oauth2 { 91 token_endpoint = "http://1.1.1.1:9999/token/pkj/error" 92 grant_type = "client_credentials" 93 client_id = "my_clid" 94 token_endpoint_auth_method = "private_key_jwt" 95 jwt_signing_profile { 96 key_file = "./testdata/oauth2/pkcs8.key" 97 signature_algorithm = "RS256" 98 ttl = "10s" 99 } 100 } 101 } 102 103 jwt "csj" { 104 token_value = request.form_body.client_assertion[0] 105 signature_algorithm = "HS256" 106 key = "my_cls" 107 claims = { 108 iss = "my_clid" 109 sub = "my_clid" 110 aud = "http://1.1.1.1:9999/token/csj" 111 foo = "BaR" 112 } 113 required_claims = ["iat", "exp", "jti"] 114 } 115 116 jwt "csj_error" { 117 token_value = request.form_body.client_assertion[0] 118 signature_algorithm = "HS256" 119 key = "wrong key" 120 } 121 122 jwt "pkj" { 123 token_value = request.form_body.client_assertion[0] 124 signature_algorithm = "RS256" 125 key_file = "./testdata/oauth2/certificate.pem" 126 claims = { 127 iss = "my_clid" 128 sub = "my_clid" 129 aud = "some explicit value" 130 foo = "bar" 131 } 132 required_claims = ["iat", "exp", "jti"] 133 } 134 135 jwt "pkj_error" { 136 token_value = request.form_body.client_assertion[0] 137 signature_algorithm = "HS256" 138 key = "wrong key" 139 } 140 } 141 142 server { 143 hosts = ["*:9999"] 144 145 api { 146 endpoint "/token/csj" { 147 access_control = ["csj"] 148 149 response { 150 json_body = { 151 access_token = "${request.context.csj.iat} ${request.context.csj.exp} ${request.context.csj.jti}" 152 expires_in = 60 153 } 154 } 155 } 156 157 endpoint "/token/csj/error" { 158 access_control = ["csj_error"] 159 160 response { 161 json_body = { 162 access_token = "qoebnqeb" 163 expires_in = 60 164 } 165 } 166 } 167 168 endpoint "/token/pkj" { 169 access_control = ["pkj"] 170 171 response { 172 json_body = { 173 access_token = "${request.context.pkj.iat} ${request.context.pkj.exp} ${request.context.pkj.jti}" 174 expires_in = 60 175 } 176 } 177 } 178 179 endpoint "/token/pkj/error" { 180 access_control = ["pkj_error"] 181 182 response { 183 json_body = { 184 access_token = "qoebnqeb" 185 expires_in = 60 186 } 187 } 188 } 189 } 190 } 191 192 defaults { 193 environment_variables = { 194 BAR = "BaR" 195 } 196 }