numerous-energy-92403
11/10/2021, 7:36 PM{
"id": "security_csrf_violation",
"code": 403,
"reason": "The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues.",
"status": "Forbidden",
"details": {
"docs": "<https://www.ory.sh/kratos/docs/debug/csrf>",
"hint": "The anti-CSRF cookie was found but the CSRF token was not included in the HTTP request body (csrf_token) nor in the HTTP Header (X-CSRF-Token).",
"reject_reason": "The HTTP Cookie Header was set and a CSRF token was sent but they do not match. We recommend deleting all cookies for this domain and retrying the flow."
},
"message": "the request was rejected to protect you from Cross-Site-Request-Forgery"
}
Can anyone please give me a clue? I have spent hours on this verifying every setting, etc., and it seems that the cookie is not making it all the way to Kratos, but I cannot seem to verify that to be certain. I am using Nginx Ingress, and there is an Azure DNS handling the DNS mapping to the AKS Cluster...and then the Ingress is used to direct traffic to port 4455 of Oathkeeper. I am using the standard internal DNS Kubernetes node mappings to find the other services. Let me know what other information is helpful to debug this, and I will get it. I am using Oathkeeper version 0.38.16 (the latest) and Kratos version 0.8 (also the latest). I am NOT using the Helm charts. I am using Docker images directly configured as Deployments. The database is Postgres 13 as an Azure Postgres Flexible Server.proud-plumber-24205
11/11/2021, 1:13 PMnumerous-energy-92403
11/12/2021, 8:22 AMory_kratos_session
cookie is present in the response. In the problem installation, the cookie is absent. This would seem to indicate that the cookie is not making it from Kratos, where it is created, back to the browser on redirect. In the Oathkeeper log, I see in the last step that there is a "csrf_[some random stuff]" cookie, but no session token. Does that help you with telling me where to look?proud-plumber-24205
11/12/2021, 8:30 AMnumerous-energy-92403
11/12/2021, 9:28 AMtime=2021-11-12T08:45:58Z level=info msg=Encountered self-service login error. audience=audit error=map[debug: details:map[docs:<https://www.ory.sh/kratos/docs/debug/csrf> hint:The anti-CSRF cookie was found but the CSRF token was not included in the HTTP request body (csrf_token) nor in the HTTP Header (X-CSRF-Token). reject_reason:The HTTP Cookie Header was set and a CSRF token was sent but they do not match. We recommend deleting all cookies for this domain and retrying the flow.] message:the request was rejected to protect you from Cross-Site-Request-Forgery reason:The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues. status:Forbidden status_code:403] http_request=map[headers:map[accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-encoding:gzip, deflate, br accept-language:en-US,en;q=0.9 content-length:181 content-type:application/x-www-form-urlencoded origin:<https://kratos-ss-dev.dev.cordico.com> referer:<https://kratos-ss-dev.dev.cordico.com/> user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15 x-forwarded-for:72.190.76.228 x-forwarded-host:kratos-dev.dev.cordico.comx-forwarded-port:443 x-forwarded-proto:https x-forwarded-scheme:https x-real-ip:72.190.76.228 x-request-id:95e63015631572d04eb333fb5824f4ce x-scheme:https] host:<http://kratos-dev.dev.cordico.com|kratos-dev.dev.cordico.com> method:POST path:/self-service/login query:flow=8da3792a-98d3-44b2-88cf-781d03222375 remote:10.244.0.30:50700 scheme:http] login_flow=&{8da3792a-98d3-44b2-88cf-781d03222375 6afcf6e9-c5e9-4baf-8114-02f7feb34df3 browser 2021-11-12 08:55:45.119629 +0000 UTC 2021-11-12 08:45:45.119629 +0000 UTC [123 125] <http://kratos-ss-dev.dev.cordico.com/self-service/login/browser> 0xc000c7e870 2021-11-12 08:45:45.123585 +0000 UTC 2021-11-12 08:45:45.123585 +0000 UTC +WsdyIMdhgktgyD9CIJnTatvPw1BJy7JJetp5JDfictdfO7bAvnWslI4l7xMIFSbdlyNUKqc+FED8L/avL9abw== false aal1} service_name=Ory Kratos service_version=
time=2021-11-12T08:45:58Z level=error msg=An error occurred and is being forwarded to the error user interface. audience=application error=map[debug: details:map[docs:<https://www.ory.sh/kratos/docs/debug/csrf> hint:The anti-CSRF cookie was found but the CSRF token was not included in the HTTP request body (csrf_token) nor in the HTTP Header (X-CSRF-Token). reject_reason:The HTTP Cookie Header was set and a CSRF token was sent but theydo not match. We recommend deleting all cookies for this domain and retrying the flow.] message:the request was rejected to protect you from Cross-Site-Request-Forgery reason:The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues. status:Forbidden status_code:403] http_request=map[headers:map[accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-encoding:gzip, deflate, br accept-language:en-US,en;q=0.9 content-length:181 content-type:application/x-www-form-urlencoded origin:<https://kratos-ss-dev.dev.cordico.com> referer:<https://kratos-ss-dev.dev.cordico.com/> user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15 x-forwarded-for:72.190.76.228 x-forwarded-host:<http://kratos-dev.dev.cordico.com|kratos-dev.dev.cordico.com> x-forwarded-port:443 x-forwarded-proto:https x-forwarded-scheme:https x-real-ip:72.190.76.228 x-request-id:95e63015631572d04eb333fb5824f4ce x-scheme:https] host:<http://kratos-dev.dev.cordico.com|kratos-dev.dev.cordico.com> method:POST path:/self-service/login query:flow=8da3792a-98d3-44b2-88cf-781d03222375 remote:10.244.0.30:50700 scheme:http] service_name=Ory Kratos service_version=
{"http_request":{"headers":{"accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","cookie":"csrf_token_436ec13b3d89630c545b7b5a434123257f6b89aed7a48277bbdc23b6f367c0b2=pBfzE4HkULt/u7dBRKIz1t0zsl3ru9aYJhvWPixg06Q=","referer":"<https://kratos-ss-dev.dev.cordico.com/>","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","x-forwarded-for":"72.190.76.228","x-forwarded-proto":"https","x-request-id":"b26a4810e19795cf84264e27699912d1"},"host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","method":"GET","path":"/error","query":"id=69de69ae-fc5b-4509-8720-30178c8ec740","remote":"10.244.0.30:50834","scheme":"http"},"http_response":{"status":500,"text_status":"Internal Server Error","took":190920720},"level":"info","msg":"completed handling request","time":"2021-11-12T09:32:38Z"}
[cors] 2021/11/12 09:32:38 Handler: Actual request
[cors] 2021/11/12 09:32:38 Actual request no headers added: missing origin
{"http_request":{"headers":{"accept":"text/css,*/*;q=0.1","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","cookie":"csrf_token_436ec13b3d89630c545b7b5a434123257f6b89aed7a48277bbdc23b6f367c0b2=pBfzE4HkULt/u7dBRKIz1t0zsl3ru9aYJhvWPixg06Q=","if-modified-since":"Tue, 21Sep 2021 05:36:42 GMT","if-none-match":"W/\"e30-17c06db3610\"","referer":"<https://kratos-ss-dev.dev.cordico.com/error?id=69de69ae-fc5b-4509-8720-30178c8ec740>","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","x-forwarded-for":"72.190.76.228","x-forwarded-proto":"https","x-request-id":"28db5e498591f8a2d73d4988acda2570"},"host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","method":"GET","path":"/index.css","query":null,"remote":"10.244.0.30:50834","scheme":"http"},"level":"info","msg":"started handling request","time":"2021-11-12T09:32:38Z"}
{"audience":"application","granted":true,"http_host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","http_method":"GET","http_url":"<http://kratos-ss.ingress-nginx.svc.cluster.local:3000/index.css>","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","level":"warning","msg":"Access request granted","service_name":"ORY Oathkeeper","service_version":"master","subject":"guest","time":"2021-11-12T09:32:38Z"}
{"http_request":{"headers":{"accept":"text/css,*/*;q=0.1","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","cookie":"csrf_token_436ec13b3d89630c545b7b5a434123257f6b89aed7a48277bbdc23b6f367c0b2=pBfzE4HkULt/u7dBRKIz1t0zsl3ru9aYJhvWPixg06Q=","if-modified-since":"Tue, 21Sep 2021 05:36:42 GMT","if-none-match":"W/\"e30-17c06db3610\"","referer":"<https://kratos-ss-dev.dev.cordico.com/error?id=69de69ae-fc5b-4509-8720-30178c8ec740>","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","x-forwarded-for":"72.190.76.228","x-forwarded-proto":"https","x-request-id":"28db5e498591f8a2d73d4988acda2570"},"host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","method":"GET","path":"/index.css","query":null,"remote":"10.244.0.30:50834","scheme":"http"},"http_response":{"status":304,"text_status":"Not Modified","took":3190492},"level":"info","msg":"completed handling request","time":"2021-11-12T09:32:38Z"}
[cors] 2021/11/12 09:32:38 Handler: Actual request
[cors] 2021/11/12 09:32:38 Actual request no headers added: missing origin
[cors] 2021/11/12 09:32:38 Handler: Actual request
{"http_request":{"headers":{"accept":"text/css,*/*;q=0.1","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","cookie":"csrf_token_436ec13b3d89630c545b7b5a434123257f6b89aed7a48277bbdc23b6f367c0b2=pBfzE4HkULt/u7dBRKIz1t0zsl3ru9aYJhvWPixg06Q=","if-modified-since":"Tue, 21Sep 2021 05:36:42 GMT","if-none-match":"W/\"8d9-17c06db3610\"","referer":"<https://kratos-ss-dev.dev.cordico.com/error?id=69de69ae-fc5b-4509-8720-30178c8ec740>","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","x-forwarded-for":"72.190.76.228","x-forwarded-proto":"https","x-request-id":"6d0e927eed1e9580564642830a6eb6eb"},"host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","method":"GET","path":"/form.css","query":null,"remote":"10.244.0.30:50816","scheme":"http"},"level":"info","msg":"started handling request","time":"2021-11-12T09:32:38Z"}
[cors] 2021/11/12 09:32:38 Actual request no headers added: missing origin
{"http_request":{"headers":{"accept":"text/css,*/*;q=0.1","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","cookie":"csrf_token_436ec13b3d89630c545b7b5a434123257f6b89aed7a48277bbdc23b6f367c0b2=pBfzE4HkULt/u7dBRKIz1t0zsl3ru9aYJhvWPixg06Q=","if-modified-since":"Tue, 21Sep 2021 05:36:42 GMT","if-none-match":"W/\"1cf-17c06db3610\"","referer":"<https://kratos-ss-dev.dev.cordico.com/error?id=69de69ae-fc5b-4509-8720-30178c8ec740>","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","x-forwarded-for":"72.190.76.228","x-forwarded-proto":"https","x-request-id":"b8534a3bea0d1fedd10de18ec627037a"},"host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","method":"GET","path":"/auth.css","query":null,"remote":"10.244.0.30:50820","scheme":"http"},"level":"info","msg":"started handling request","time":"2021-11-12T09:32:38Z"}
[cors] 2021/11/12 09:32:38 Handler: Actual request
[cors] 2021/11/12 09:32:38 Actual request no headers added: missing origin
{"http_request":{"headers":{"accept":"text/css,*/*;q=0.1","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","cookie":"csrf_token_436ec13b3d89630c545b7b5a434123257f6b89aed7a48277bbdc23b6f367c0b2=pBfzE4HkULt/u7dBRKIz1t0zsl3ru9aYJhvWPixg06Q=","if-modified-since":"Tue, 21Sep 2021 05:36:42 GMT","if-none-match":"W/\"333-17c06db3610\"","referer":"<https://kratos-ss-dev.dev.cordico.com/error?id=69de69ae-fc5b-4509-8720-30178c8ec740>","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","x-forwarded-for":"72.190.76.228","x-forwarded-proto":"https","x-request-id":"6ac2dd0660e2a0da11e632efcf200602"},"host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","method":"GET","path":"/typography.css","query":null,"remote":"10.244.0.30:50834","scheme":"http"},"level":"info","msg":"started handling request","time":"2021-11-12T09:32:38Z"}
{"audience":"application","granted":true,"http_host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","http_method":"GET","http_url":"<http://kratos-ss.ingress-nginx.svc.cluster.local:3000/form.css>","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","level":"warning","msg":"Access request granted","service_name":"ORY Oathkeeper","service_version":"master","subject":"guest","time":"2021-11-12T09:32:38Z"}
{"http_request":{"headers":{"accept":"text/css,*/*;q=0.1","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","cookie":"csrf_token_436ec13b3d89630c545b7b5a434123257f6b89aed7a48277bbdc23b6f367c0b2=pBfzE4HkULt/u7dBRKIz1t0zsl3ru9aYJhvWPixg06Q=","if-modified-since":"Tue, 21Sep 2021 05:36:42 GMT","if-none-match":"W/\"8d9-17c06db3610\"","referer":"<https://kratos-ss-dev.dev.cordico.com/error?id=69de69ae-fc5b-4509-8720-30178c8ec740>","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","x-forwarded-for":"72.190.76.228","x-forwarded-proto":"https","x-request-id":"6d0e927eed1e9580564642830a6eb6eb"},"host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","method":"GET","path":"/form.css","query":null,"remote":"10.244.0.30:50816","scheme":"http"},"http_response":{"status":304,"text_status":"Not Modified","took":3070280},"level":"info","msg":"completed handling request","time":"2021-11-12T09:32:38Z"}
{"audience":"application","granted":true,"http_host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","http_method":"GET","http_url":"<http://kratos-ss.ingress-nginx.svc.cluster.local:3000/auth.css>","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","level":"warning","msg":"Access request granted","service_name":"ORY Oathkeeper","service_version":"master","subject":"guest","time":"2021-11-12T09:32:38Z"}
{"http_request":{"headers":{"accept":"text/css,*/*;q=0.1","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","cookie":"csrf_token_436ec13b3d89630c545b7b5a434123257f6b89aed7a48277bbdc23b6f367c0b2=pBfzE4HkULt/u7dBRKIz1t0zsl3ru9aYJhvWPixg06Q=","if-modified-since":"Tue, 21Sep 2021 05:36:42 GMT","if-none-match":"W/\"1cf-17c06db3610\"","referer":"<https://kratos-ss-dev.dev.cordico.com/error?id=69de69ae-fc5b-4509-8720-30178c8ec740>","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","x-forwarded-for":"72.190.76.228","x-forwarded-proto":"https","x-request-id":"b8534a3bea0d1fedd10de18ec627037a"},"host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","method":"GET","path":"/auth.css","query":null,"remote":"10.244.0.30:50820","scheme":"http"},"http_response":{"status":304,"text_status":"Not Modified","took":5167571},"level":"info","msg":"completed handling request","time":"2021-11-12T09:32:38Z"}
{"audience":"application","granted":true,"http_host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","http_method":"GET","http_url":"<http://kratos-ss.ingress-nginx.svc.cluster.local:3000/typography.css>","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","level":"warning","msg":"Access request granted","service_name":"ORY Oathkeeper","service_version":"master","subject":"guest","time":"2021-11-12T09:32:38Z"}
{"http_request":{"headers":{"accept":"text/css,*/*;q=0.1","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","cookie":"csrf_token_436ec13b3d89630c545b7b5a434123257f6b89aed7a48277bbdc23b6f367c0b2=pBfzE4HkULt/u7dBRKIz1t0zsl3ru9aYJhvWPixg06Q=","if-modified-since":"Tue, 21Sep 2021 05:36:42 GMT","if-none-match":"W/\"333-17c06db3610\"","referer":"<https://kratos-ss-dev.dev.cordico.com/error?id=69de69ae-fc5b-4509-8720-30178c8ec740>","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","x-forwarded-for":"72.190.76.228","x-forwarded-proto":"https","x-request-id":"6ac2dd0660e2a0da11e632efcf200602"},"host":"<http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>","method":"GET","path":"/typography.css","query":null,"remote":"10.244.0.30:50834","scheme":"http"},"http_response":{"status":304,"text_status":"Not Modified","took":6244770},"level":"info","msg":"completed handling request","time":"2021-11-12T09:32:38Z"}
proud-plumber-24205
11/12/2021, 4:52 PM<http://kratos-ss.tribecore.io|kratos-ss.tribecore.io>
and the non-working is running on a nested subdomain <http://kratos-ss-dev.dev.cordico.com|kratos-ss-dev.dev.cordico.com>.
Although this shouldn't have any difference to the cookies being set, maybe it does.
Could you maybe send your configuration for kratos
just omit sensitive information pleasenumerous-energy-92403
11/12/2021, 5:11 PMproud-plumber-24205
11/12/2021, 5:20 PMnumerous-energy-92403
11/12/2021, 5:21 PMproud-plumber-24205
11/12/2021, 5:22 PMThe cookie was blocked because neither did the request URL's domain exactly match the cookie domain, nor was the request URL's domain a subdomain of the cookie's Domain attribute value
numerous-energy-92403
11/12/2021, 5:22 PMproud-plumber-24205
11/12/2021, 5:23 PMnumerous-energy-92403
11/12/2021, 5:28 PMversion: v0.8.0-alpha.3
dsn: <postgres://kratos:kratos@cordico-user-db.postgres.database.azure.com:5432/kratos>
serve:
public:
base_url: <https://kratos-dev.dev.cordico.com/>
cors:
enabled: true
admin:
base_url: <https://kratos-admin-dev.dev.cordico.com/>
selfservice:
default_browser_return_url: <https://kratos-ss-dev.dev.cordico.com/>
whitelisted_return_urls:
- <https://kratos-ss-dev.dev.cordico.com/>
methods:
password:
enabled: true
flows:
error:
ui_url: <https://kratos-ss-dev.dev.cordico.com/error>
settings:
ui_url: <https://kratos-ss-dev.dev.cordico.com/settings>
privileged_session_max_age: 15m
recovery:
enabled: true
ui_url: <https://kratos-ss-dev.dev.cordico.com/recovery>
verification:
enabled: true
ui_url: <https://kratos-ss-dev.dev.cordico.com/verify>
after:
default_browser_return_url: <https://kratos-ss-dev.dev.cordico.com/>
logout:
after:
default_browser_return_url: <https://kratos-ss-dev.dev.cordico.com/auth/login>
login:
ui_url: <https://kratos-ss-dev.dev.cordico.com/auth/login>
lifespan: 10m
registration:
lifespan: 10m
ui_url: <https://kratos-ss-dev.dev.cordico.com/auth/registration>
after:
password:
hooks:
-
hook: session
log:
level: debug
format: text
leak_sensitive_values: true
secrets:
cookie:
- Bjcm87kiruJlmrMdLmWyHRh56PbNzeRg
hashers:
argon2:
parallelism: 1
memory: 128MB
iterations: 2
salt_length: 16
key_length: 16
identity:
default_schema_url: <base64://ew0KICAiJGlkIjogImh0dHBzOi8vdHJpYmVoZWFsdGguY29tL3ByZXNldHMva3J>hdG9zL3F1aWNrc3RhcnQvaWRlbnRpZmllci1wYXNzd29yZC9pZGVudGl0eS5zY2hlbWEuanNvbiIsDQogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsDQogICJ0aXRsZSI6ICJJZGVudGl0eSIsDQogICJ0eXBlIjogIm9iamVjdCIsDQogICJwcm9wZXJ0aWVzIjogew0KICAgICJ0cmFpdHMiOiB7DQogICAgICAidHlwZSI6ICJvYmplY3QiLA0KICAgICAgInByb3BlcnRpZXMiOiB7DQogICAgICAgICJpZGVudGlmaWVyIjogew0KICAgICAgICAgICJ0eXBlIjogInN0cmluZyIsDQogICAgICAgICAgInRpdGxlIjogIklkZW50aWZpZXIiLA0KICAgICAgICAgICJtaW5MZW5ndGgiOiAzLA0KICAgICAgICAgICJvcnkuc2gva3JhdG9zIjogew0KICAgICAgICAgICAgImNyZWRlbnRpYWxzIjogew0KICAgICAgICAgICAgICAicGFzc3dvcmQiOiB7DQogICAgICAgICAgICAgICAgImlkZW50aWZpZXIiOiB0cnVlDQogICAgICAgICAgICAgIH0NCiAgICAgICAgICAgIH0NCiAgICAgICAgICB9DQogICAgICAgIH0sDQoJImVtYWlsIjogew0KICAgICAgICAgICJ0eXBlIjogInN0cmluZyIsDQogICAgICAgICAgImZvcm1hdCI6ICJlbWFpbCIsDQogICAgICAgICAgInRpdGxlIjogIkUtTWFpbCIsDQogICAgICAgICAgIm1pbkxlbmd0aCI6IDMsDQoJICAib3J5LnNoL2tyYXRvcyI6IHsNCiAgICAgICAgICAgICJyZWNvdmVyeSI6IHsNCgkgICAgICAidmlhIjoiZW1haWwiDQoJICAgIH0NCgkgIH0gIA0KICAgICAgICB9LA0KICAgICAgICAibmFtZSI6IHsNCiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLA0KICAgICAgICAgICJwcm9wZXJ0aWVzIjogew0KICAgICAgICAgICAgImZpcnN0Ijogew0KICAgICAgICAgICAgICAidGl0bGUiOiAiRmlyc3QgTmFtZSIsDQogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyINCiAgICAgICAgICAgIH0sDQogICAgICAgICAgICAibGFzdCI6IHsNCiAgICAgICAgICAgICAgInRpdGxlIjogIkxhc3QgTmFtZSIsDQogICAgICAgICAgICAgICJ0eXBlIjogInN0cmluZyINCiAgICAgICAgICAgIH0NCiAgICAgICAgICB9DQogICAgICAgIH0NCiAgICAgIH0sDQogICAgICAicmVxdWlyZWQiOiBbDQoJImlkZW50aWZpZXIiLA0KICAgICAgICAiZW1haWwiDQogICAgICBdLA0KICAgICAgImFkZGl0aW9uYWxQcm9wZXJ0aWVzIjogZmFsc2UNCiAgICB9DQogIH0NCn0NCg==
schemas:
- id: organization
url: <base64://ew0KICAiJGlkIjogImh0dHBzOi8vbGV4aXBvbC5jb20vY29yZGljby9vcmdhbml>6YXRpb24uc2NoZW1hLmpzb24iLA0KICAiJHNjaGVtYSI6ICJodHRwOi8vanNvbi1zY2hlbWEub3JnL2RyYWZ0LTA3L3NjaGVtYSMiLA0KICAidGl0bGUiOiAiT3JnYW5pemF0aW9uIElkZW50aXR5IiwNCiAgInR5cGUiOiAib2JqZWN0IiwNCiAgInByb3BlcnRpZXMiOiB7DQogICAgInRyYWl0cyI6IHsNCiAgICAgICJ0eXBlIjogIm9iamVjdCIsDQogICAgICAicHJvcGVydGllcyI6IHsNCiAgICAgICAgImlkZW50aWZpZXIiOiB7DQogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwNCiAgICAgICAgICAidGl0bGUiOiAiSWRlbnRpZmllciIsDQogICAgICAgICAgIm1pbkxlbmd0aCI6IDMsDQogICAgICAgICAgIm9yeS5zaC9rcmF0b3MiOiB7DQogICAgICAgICAgICAiY3JlZGVudGlhbHMiOiB7DQogICAgICAgICAgICAgICJwYXNzd29yZCI6IHsNCiAgICAgICAgICAgICAgICAiaWRlbnRpZmllciI6IHRydWUNCiAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgfQ0KICAgICAgICAgIH0NCiAgICAgICAgfSwNCgkiZW1haWwiOiB7DQogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwNCiAgICAgICAgICAiZm9ybWF0IjogImVtYWlsIiwNCiAgICAgICAgICAidGl0bGUiOiAiRS1NYWlsIiwNCiAgICAgICAgICAibWluTGVuZ3RoIjogMywNCgkgICJvcnkuc2gva3JhdG9zIjogew0KICAgICAgICAgICAgInJlY292ZXJ5Ijogew0KCSAgICAgICJ2aWEiOiJlbWFpbCINCgkgICAgfQ0KCSAgfSAgDQogICAgICAgIH0sDQogICAgICAgICJvcmdhbml6YXRpb24iOiB7DQogICAgICAgICAgInR5cGUiOiAib2JqZWN0IiwNCiAgICAgICAgICAicHJvcGVydGllcyI6IHsNCiAgICAgICAgICAgICJuYW1lIjogew0KICAgICAgICAgICAgICAidGl0bGUiOiAiT3JnYW5pemF0aW9uIE5hbWUiLA0KICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciDQogICAgICAgICAgICB9LA0KICAgICAgICAgICAgIm9yZ2FuaXphdGlvbl90eXBlIjogew0KICAgICAgICAgICAgICAidGl0bGUiOiAiT3JnYW5pemF0aW9uIFR5cGUiLA0KICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciDQogICAgICAgICAgICB9LA0KCSAgICAiZGF0YSI6IHsNCgkgICAgICAidHlwZSI6Im9iamVjdCIsDQoJICAgICAgInRpdGxlIjoiT3JnYW5pemF0aW9uIERhdGEiLA0KCSAgICAgICJhZGRpdGlvbmFsUHJvcGVydGllcyI6dHJ1ZQ0KCSAgICB9DQogICAgICAgICAgfQ0KICAgICAgICB9DQogICAgICB9LA0KICAgICAgInJlcXVpcmVkIjogWw0KCSJpZGVudGlmaWVyIiwNCiAgICAgICAgImVtYWlsIiwNCgkib3JnYW5pemF0aW9uIg0KICAgICAgXSwNCiAgICAgICJhZGRpdGlvbmFsUHJvcGVydGllcyI6IGZhbHNlDQogICAgfQ0KICB9DQp9DQo=
courier:
smtp:
connection_uri: <smtps://postmaster:3>d8c25d151343f553b2c9d19d52ea665-dbdfb8ff-c020ce20@smtp.mailgun.org:587/
from_address: <mailto:admin@tribecore.io|admin@tribecore.io>
session:
lifespan: 4320h