zuplo 6.70.63 → 6.70.67
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/docs/ai-gateway/fallback.mdx +132 -0
- package/docs/articles/api-key-api.mdx +1 -1
- package/docs/articles/api-key-best-practices.mdx +2 -2
- package/docs/articles/api-key-react-component.mdx +1 -1
- package/docs/articles/bypass-policy-for-testing.mdx +3 -3
- package/docs/articles/configuring-auth0-for-mcp-auth.mdx +1 -1
- package/docs/articles/configuring-okta-for-mcp-auth.mdx +1 -1
- package/docs/articles/health-checks.mdx +5 -5
- package/docs/articles/log-request-response-data.mdx +4 -4
- package/docs/articles/mcp-quickstart.mdx +3 -3
- package/docs/articles/multiple-auth-policies.mdx +3 -3
- package/docs/articles/plugin-azure-event-hubs.mdx +1 -1
- package/docs/articles/s3-signed-url-uploads.mdx +3 -4
- package/docs/articles/use-openapi-extension-data.mdx +1 -1
- package/docs/articles/waf-ddos-akamai.md +1 -1
- package/docs/articles/waf-ddos-aws-waf-shield.mdx +1 -1
- package/docs/articles/waf-ddos-fastly.mdx +1 -1
- package/docs/guides/geolocation-backend-routing.mdx +1 -1
- package/docs/guides/modify-openapi-paths.mdx +1 -1
- package/docs/handlers/legacy-dev-portal-handler.mdx +1 -1
- package/docs/handlers/redirect.mdx +3 -3
- package/docs/mcp-gateway/auth/manual-oauth-testing.mdx +2 -2
- package/docs/mcp-gateway/code-config/multi-upstream.mdx +1 -1
- package/docs/mcp-gateway/how-to/connect-upstream-oauth.mdx +4 -3
- package/docs/mcp-server/prompts.mdx +1 -1
- package/docs/policies/akamai-ai-firewall/schema.json +1 -1
- package/docs/policies/akamai-firewall-for-ai-inbound/schema.json +1 -1
- package/docs/policies/akamai-firewall-for-ai-outbound/schema.json +1 -1
- package/docs/policies/amberflo-metering-inbound/schema.json +1 -1
- package/docs/policies/api-key-inbound/schema.json +1 -1
- package/docs/policies/audit-log-inbound/schema.json +1 -1
- package/docs/policies/auth0-jwt-auth-inbound/schema.json +1 -1
- package/docs/policies/authzen-inbound/schema.json +1 -1
- package/docs/policies/axiomatics-authz-inbound/schema.json +1 -1
- package/docs/policies/basic-auth-inbound/schema.json +1 -1
- package/docs/policies/bot-detection-inbound/schema.json +1 -1
- package/docs/policies/brownout-inbound/schema.json +1 -1
- package/docs/policies/caching-inbound/schema.json +1 -1
- package/docs/policies/change-method-inbound/schema.json +1 -1
- package/docs/policies/clear-headers-inbound/schema.json +1 -1
- package/docs/policies/clear-headers-outbound/schema.json +1 -1
- package/docs/policies/clerk-jwt-auth-inbound/schema.json +1 -1
- package/docs/policies/cognito-jwt-auth-inbound/schema.json +1 -1
- package/docs/policies/comet-opik-tracing-inbound/schema.json +1 -1
- package/docs/policies/complex-rate-limit-inbound/schema.json +1 -1
- package/docs/policies/composite-inbound/schema.json +1 -1
- package/docs/policies/composite-outbound/schema.json +1 -1
- package/docs/policies/curity-phantom-token-inbound/schema.json +1 -1
- package/docs/policies/firebase-jwt-inbound/schema.json +1 -1
- package/docs/policies/formdata-to-json-inbound/schema.json +1 -1
- package/docs/policies/galileo-tracing-inbound/schema.json +1 -1
- package/docs/policies/geo-filter-inbound/schema.json +1 -1
- package/docs/policies/graphql-complexity-limit-inbound/schema.json +1 -1
- package/docs/policies/graphql-disable-introspection-inbound/schema.json +1 -1
- package/docs/policies/graphql-introspection-filter-outbound/schema.json +1 -1
- package/docs/policies/http-deprecation-outbound/schema.json +1 -1
- package/docs/policies/jwt-scopes-inbound/schema.json +1 -1
- package/docs/policies/ldap-auth-inbound/schema.json +1 -1
- package/docs/policies/mcp-auth0-oauth-inbound/schema.json +76 -1
- package/docs/policies/mcp-capability-filter-inbound/schema.json +1 -1
- package/docs/policies/mcp-clerk-oauth-inbound/schema.json +1 -1
- package/docs/policies/mcp-cognito-oauth-inbound/schema.json +1 -1
- package/docs/policies/mcp-entra-oauth-inbound/schema.json +1 -1
- package/docs/policies/mcp-google-oauth-inbound/schema.json +1 -1
- package/docs/policies/mcp-keycloak-oauth-inbound/schema.json +1 -1
- package/docs/policies/mcp-logto-oauth-inbound/schema.json +1 -1
- package/docs/policies/mcp-oauth-inbound/schema.json +76 -1
- package/docs/policies/mcp-okta-oauth-inbound/schema.json +1 -1
- package/docs/policies/mcp-onelogin-oauth-inbound/schema.json +1 -1
- package/docs/policies/mcp-ping-oauth-inbound/schema.json +1 -1
- package/docs/policies/mcp-token-exchange-inbound/schema.json +1 -1
- package/docs/policies/mcp-workos-oauth-inbound/schema.json +1 -1
- package/docs/policies/mock-api-inbound/schema.json +1 -1
- package/docs/policies/moesif-inbound/schema.json +1 -1
- package/docs/policies/monetization-inbound/schema.json +1 -1
- package/docs/policies/mtls-auth-inbound/intro.md +3 -3
- package/docs/policies/mtls-auth-inbound/schema.json +1 -1
- package/docs/policies/okta-fga-authz-inbound/schema.json +1 -1
- package/docs/policies/okta-jwt-auth-inbound/schema.json +1 -1
- package/docs/policies/open-id-jwt-auth-inbound/schema.json +1 -1
- package/docs/policies/openfga-authz-inbound/schema.json +1 -1
- package/docs/policies/openmeter-inbound/schema.json +1 -1
- package/docs/policies/prompt-injection-outbound/schema.json +1 -1
- package/docs/policies/propel-auth-jwt-inbound/schema.json +1 -1
- package/docs/policies/query-param-to-header-inbound/schema.json +1 -1
- package/docs/policies/quota-inbound/schema.json +1 -1
- package/docs/policies/rate-limit-inbound/schema.json +1 -1
- package/docs/policies/readme-metrics-inbound/schema.json +1 -1
- package/docs/policies/remove-headers-inbound/schema.json +1 -1
- package/docs/policies/remove-headers-outbound/schema.json +1 -1
- package/docs/policies/remove-query-params-inbound/schema.json +1 -1
- package/docs/policies/replace-string-outbound/schema.json +1 -1
- package/docs/policies/request-size-limit-inbound/schema.json +1 -1
- package/docs/policies/request-validation-inbound/schema.json +1 -1
- package/docs/policies/require-origin-inbound/schema.json +1 -1
- package/docs/policies/secret-masking-outbound/schema.json +1 -1
- package/docs/policies/semantic-cache-inbound/schema.json +1 -1
- package/docs/policies/set-body-inbound/schema.json +1 -1
- package/docs/policies/set-headers-inbound/schema.json +1 -1
- package/docs/policies/set-headers-outbound/schema.json +1 -1
- package/docs/policies/set-query-params-inbound/schema.json +1 -1
- package/docs/policies/set-status-outbound/schema.json +1 -1
- package/docs/policies/set-upstream-api-key-inbound/schema.json +1 -1
- package/docs/policies/sleep-inbound/schema.json +1 -1
- package/docs/policies/stripe-webhook-verification-inbound/schema.json +1 -1
- package/docs/policies/supabase-jwt-auth-inbound/schema.json +1 -1
- package/docs/policies/upstream-azure-ad-service-auth-inbound/schema.json +1 -1
- package/docs/policies/upstream-firebase-admin-auth-inbound/schema.json +1 -1
- package/docs/policies/upstream-firebase-user-auth-inbound/schema.json +1 -1
- package/docs/policies/upstream-gcp-federated-auth-inbound/schema.json +1 -1
- package/docs/policies/upstream-gcp-jwt-inbound/schema.json +1 -1
- package/docs/policies/upstream-gcp-service-auth-inbound/schema.json +1 -1
- package/docs/policies/upstream-zuplo-jwt-auth-inbound/schema.json +1 -1
- package/docs/policies/validate-json-schema-inbound/schema.json +1 -1
- package/docs/policies/web-bot-auth-inbound/schema.json +1 -1
- package/docs/policies/xml-to-json-outbound/schema.json +1 -1
- package/docs/programmable-api/zuplo-request.mdx +1 -1
- package/package.json +4 -4
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/cognito-jwt-auth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "AWS Cognito JWT Auth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/comet-opik-tracing-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Comet Opik Tracing",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/complex-rate-limit-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Complex Rate Limiting",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/composite-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Composite Inbound (Group Policies)",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/composite-outbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Composite Outbound (Group Policies)",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/curity-phantom-token-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Curity Phantom Token Auth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/firebase-jwt-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Firebase JWT Auth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/formdata-to-json-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Form Data to JSON",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/galileo-tracing-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Galileo Tracing",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/geo-filter-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Geo-location filtering",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/graphql/schemas/graphql-complexity-limit-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "GraphQL Complexity Limit",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/graphql/schemas/graphql-disable-introspection-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "GraphQL Disable Introspection",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/graphql/schemas/graphql-introspection-filter-outbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "GraphQL Introspection Filter",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/http-deprecation-outbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "HTTP Deprecation",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/jwt-scopes-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "JWT Scope Validation",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/ldap-auth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "LDAP Auth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-auth0-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Auth0 OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -83,6 +83,81 @@
|
|
|
83
83
|
}
|
|
84
84
|
}
|
|
85
85
|
},
|
|
86
|
+
"idJag": {
|
|
87
|
+
"description": "Optional Identity Assertion JWT Authorization Grant (ID-JAG / XAA) support for the gateway token endpoint.",
|
|
88
|
+
"oneOf": [
|
|
89
|
+
{
|
|
90
|
+
"type": "object",
|
|
91
|
+
"additionalProperties": false,
|
|
92
|
+
"required": ["enabled"],
|
|
93
|
+
"properties": {
|
|
94
|
+
"enabled": {
|
|
95
|
+
"const": false,
|
|
96
|
+
"description": "Disable ID-JAG support."
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
"type": "object",
|
|
102
|
+
"additionalProperties": false,
|
|
103
|
+
"required": ["enabled", "trustedIssuers"],
|
|
104
|
+
"properties": {
|
|
105
|
+
"enabled": {
|
|
106
|
+
"const": true,
|
|
107
|
+
"description": "Enable ID-JAG support."
|
|
108
|
+
},
|
|
109
|
+
"trustedIssuers": {
|
|
110
|
+
"type": "array",
|
|
111
|
+
"minItems": 1,
|
|
112
|
+
"description": "Trusted ID-JAG issuers. These values are never published in OAuth metadata.",
|
|
113
|
+
"items": {
|
|
114
|
+
"type": "object",
|
|
115
|
+
"additionalProperties": false,
|
|
116
|
+
"required": ["issuer", "jwksUrl"],
|
|
117
|
+
"properties": {
|
|
118
|
+
"issuer": {
|
|
119
|
+
"type": "string",
|
|
120
|
+
"format": "uri",
|
|
121
|
+
"description": "Exact issuer URL expected in the ID-JAG iss claim."
|
|
122
|
+
},
|
|
123
|
+
"jwksUrl": {
|
|
124
|
+
"type": "string",
|
|
125
|
+
"format": "uri",
|
|
126
|
+
"description": "JWKS URL used to verify ID-JAG signatures from this issuer."
|
|
127
|
+
},
|
|
128
|
+
"expectedClientIds": {
|
|
129
|
+
"type": "array",
|
|
130
|
+
"items": {
|
|
131
|
+
"type": "string",
|
|
132
|
+
"minLength": 1
|
|
133
|
+
},
|
|
134
|
+
"description": "Optional allow-list of client IDs accepted from this issuer. The ID-JAG client_id must still match the authenticated token-endpoint client."
|
|
135
|
+
},
|
|
136
|
+
"subjectMapping": {
|
|
137
|
+
"type": "string",
|
|
138
|
+
"enum": [
|
|
139
|
+
"iss_prefix",
|
|
140
|
+
"iss_tenant_prefix",
|
|
141
|
+
"sub_id_only"
|
|
142
|
+
],
|
|
143
|
+
"default": "iss_prefix",
|
|
144
|
+
"description": "How the ID-JAG subject is mapped into the gateway subject ID."
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
},
|
|
149
|
+
"authorizationDetailsTypesAllowed": {
|
|
150
|
+
"type": "array",
|
|
151
|
+
"items": {
|
|
152
|
+
"type": "string",
|
|
153
|
+
"minLength": 1
|
|
154
|
+
},
|
|
155
|
+
"description": "Optional allow-list of RFC 9396 authorization_details type values accepted from ID-JAGs."
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
}
|
|
159
|
+
]
|
|
160
|
+
},
|
|
86
161
|
"browserLoginOverrides": {
|
|
87
162
|
"type": "object",
|
|
88
163
|
"description": "Optional overrides for the derived browser-login settings.",
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-capability-filter-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Capability Filter",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-clerk-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Clerk OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-cognito-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Amazon Cognito OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-entra-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Microsoft Entra OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-google-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Google OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-keycloak-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Keycloak OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-logto-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Logto OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -141,6 +141,81 @@
|
|
|
141
141
|
"description": "Whether to advertise client\\_id\\_metadata\\_document\\_supported in AS metadata."
|
|
142
142
|
}
|
|
143
143
|
}
|
|
144
|
+
},
|
|
145
|
+
"idJag": {
|
|
146
|
+
"description": "Optional Identity Assertion JWT Authorization Grant (ID-JAG / XAA) support for the gateway token endpoint.",
|
|
147
|
+
"oneOf": [
|
|
148
|
+
{
|
|
149
|
+
"type": "object",
|
|
150
|
+
"additionalProperties": false,
|
|
151
|
+
"required": ["enabled"],
|
|
152
|
+
"properties": {
|
|
153
|
+
"enabled": {
|
|
154
|
+
"const": false,
|
|
155
|
+
"description": "Disable ID-JAG support."
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
},
|
|
159
|
+
{
|
|
160
|
+
"type": "object",
|
|
161
|
+
"additionalProperties": false,
|
|
162
|
+
"required": ["enabled", "trustedIssuers"],
|
|
163
|
+
"properties": {
|
|
164
|
+
"enabled": {
|
|
165
|
+
"const": true,
|
|
166
|
+
"description": "Enable ID-JAG support."
|
|
167
|
+
},
|
|
168
|
+
"trustedIssuers": {
|
|
169
|
+
"type": "array",
|
|
170
|
+
"minItems": 1,
|
|
171
|
+
"description": "Trusted ID-JAG issuers. These values are never published in OAuth metadata.",
|
|
172
|
+
"items": {
|
|
173
|
+
"type": "object",
|
|
174
|
+
"additionalProperties": false,
|
|
175
|
+
"required": ["issuer", "jwksUrl"],
|
|
176
|
+
"properties": {
|
|
177
|
+
"issuer": {
|
|
178
|
+
"type": "string",
|
|
179
|
+
"format": "uri",
|
|
180
|
+
"description": "Exact issuer URL expected in the ID-JAG iss claim."
|
|
181
|
+
},
|
|
182
|
+
"jwksUrl": {
|
|
183
|
+
"type": "string",
|
|
184
|
+
"format": "uri",
|
|
185
|
+
"description": "JWKS URL used to verify ID-JAG signatures from this issuer."
|
|
186
|
+
},
|
|
187
|
+
"expectedClientIds": {
|
|
188
|
+
"type": "array",
|
|
189
|
+
"items": {
|
|
190
|
+
"type": "string",
|
|
191
|
+
"minLength": 1
|
|
192
|
+
},
|
|
193
|
+
"description": "Optional allow-list of client IDs accepted from this issuer. The ID-JAG client_id must still match the authenticated token-endpoint client."
|
|
194
|
+
},
|
|
195
|
+
"subjectMapping": {
|
|
196
|
+
"type": "string",
|
|
197
|
+
"enum": [
|
|
198
|
+
"iss_prefix",
|
|
199
|
+
"iss_tenant_prefix",
|
|
200
|
+
"sub_id_only"
|
|
201
|
+
],
|
|
202
|
+
"default": "iss_prefix",
|
|
203
|
+
"description": "How the ID-JAG subject is mapped into the gateway subject ID."
|
|
204
|
+
}
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
},
|
|
208
|
+
"authorizationDetailsTypesAllowed": {
|
|
209
|
+
"type": "array",
|
|
210
|
+
"items": {
|
|
211
|
+
"type": "string",
|
|
212
|
+
"minLength": 1
|
|
213
|
+
},
|
|
214
|
+
"description": "Optional allow-list of RFC 9396 authorization_details type values accepted from ID-JAGs."
|
|
215
|
+
}
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
]
|
|
144
219
|
}
|
|
145
220
|
}
|
|
146
221
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-okta-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Okta OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-onelogin-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP OneLogin OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-ping-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Ping OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-token-exchange-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP Token Exchange",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mcp-workos-oauth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "MCP WorkOS OAuth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mock-api-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Mock API Response",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/moesif-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Moesif Analytics & Billing",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/monetization-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Monetization",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -5,9 +5,9 @@ verification failed, or the certificate metadata cannot be parsed.
|
|
|
5
5
|
|
|
6
6
|
When verification passes, the policy parses the client certificate metadata and
|
|
7
7
|
sets it on `request.user.data.mtlsAuth`. The metadata includes `subject`,
|
|
8
|
-
`issuer`, `notBefore`, `notAfter`, and `sha256Fingerprint`. If
|
|
9
|
-
already exists, its `sub` is preserved. Otherwise, the policy
|
|
10
|
-
`request.user` with the certificate subject as `sub`.
|
|
8
|
+
`issuer`, `notBefore`, `notAfter`, and, when available, `sha256Fingerprint`. If
|
|
9
|
+
`request.user` already exists, its `sub` is preserved. Otherwise, the policy
|
|
10
|
+
creates `request.user` with the certificate subject as `sub`.
|
|
11
11
|
|
|
12
12
|
Set `allowUnauthenticatedRequests` to `true` to enable passthrough mode. In
|
|
13
13
|
passthrough mode, requests are allowed even when mTLS verification fails or no
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/mtls-auth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "mTLS Auth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/okta-fga-authz-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Okta FGA Authorization",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/okta-jwt-auth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Okta JWT Auth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/open-id-jwt-auth-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "JWT Auth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/openfga-authz-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "OpenFGA Authorization",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/openmeter-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "OpenMeter",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/prompt-injection-outbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Prompt Injection Detection",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/propel-auth-jwt-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "PropelAuth JWT Auth",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/query-param-to-header-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Query Parameter to Header",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/quota-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Quota",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/rate-limit-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Rate Limiting",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/readme-metrics-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Readme Metrics",
|
|
6
6
|
"isDeprecated": false,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json-schema.org/draft-07/schema",
|
|
3
|
-
"$id": "
|
|
3
|
+
"$id": "https://cdn.zuplo.com/policies/runtime/schemas/remove-headers-inbound.json",
|
|
4
4
|
"type": "object",
|
|
5
5
|
"title": "Remove Request Headers",
|
|
6
6
|
"isDeprecated": false,
|