quiet-psychiatrist-3449
12/26/2021, 5:49 PM
/schemas endpoint is open to the public, yet it doesn't even exist for the admin API. Since I want to use Kratos for customer authentication, as well as employee authentication and partners authentication, I would like to "obfuscate" the available identity schemas. People with access to the public Kratos API shouldn't be able to see what kind of internal schemas we use. Why is it even public, yet not available under the admin API? I'm a bit confused here, since I'm not really all too versed in IAM. Are schemas supposed to be public to everybody? Is security through obfuscation not a thing in IAM? (Not telling the world what kind of authentication structure your company has should be the default, shouldn't it?) Would be great if somebody could explain the reasoning to me here
high-optician-2097
quiet-psychiatrist-3449
12/26/2021, 8:11 PM
/schemas endpoint does not seem to exist, it resolves as a 404 page not found. I'm also 99.95% sure I'm calling the right endpoint (<ip-address>:<port>/schemas) on the admin API.
Other admin endpoints such as /identities also work fine.
I could post a log entry if you wish. The next step for me would be to look into the source-code. FWIW here's my curl command that I use:
curl localhost:8090/schemas | json_pp
Maybe you see something wrong with it? Did I oversee something in the documentation?
Note: I'm proxy forwarding the admin service from a K8s cluster.
One can also reproduce it by bootstrapping the quickstart deployment and running curl 0.0.0.0:4434/schemas, so it seems that /schemas may be somehow disabled for the admin API?
➜ ~ curl 0.0.0.0:4433/schemas
[{"id":"default","schema":{"$id":"https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json","$schema":"http://json-schema.org/draft-07/schema#","title":"Person","type":"object","properties":{"traits":{"type":"object","properties":{"email":{"type":"string","format":"email","title":"E-Mail","minLength":3,"ory.sh/kratos":{"credentials":{"password":{"identifier":true}},"verification":{"via":"email"},"recovery":{"via":"email"}}},"name":{"type":"object","properties":{"first":{"title":"First Name","type":"string"},"last":{"title":"Last Name","type":"string"}}}},"required":["email"],"additionalProperties":false}}}}]
➜ ~ curl 0.0.0.0:4434/schemas
404 page not found
127.0.0.1:4433/schemas/default does result in a redirect to the public endpoint 127.0.0.1:4434/schemas/default (note the port changed). So it seems the /schemas endpoint is not redirecting to the public endpoint?
/schemas/{id} endpoint is checking for a 404 StatusCode on line 2293 in api_v0alpha2.go, while /schemas is not. I'm not really familiar with the Repo, so I don't really have a deep understanding as to what's really missing.
If that's unexpected behavior I can open up an issue and see if I can create a PR.
high-optician-2097
quiet-psychiatrist-3449
12/27/2021, 7:20 AM
/schemas/{id} warrants a redirect to the public endpoint, while /schemas does not :)
high-optician-2097
quiet-psychiatrist-3449
12/27/2021, 8:17 AM