wireguard_webadmin/containers/caddy/config_example/auth_policies.json

{
  "auth_methods": {
    "password_local": {
      "type": "local_password"
    },
    "totp_default": {
      "type": "totp"
    },
    "google_workspace_admins": {
      "type": "oidc",
      "provider": "google",
      "client_id": "GOOGLE_CLIENT_ID",
      "client_secret": "GOOGLE_CLIENT_SECRET",
      "allowed_domains": [
        "example.com"
      ],
      "allowed_emails": [
        "eduardo@example.com",
        "alice@example.com"
      ]
    }
  },
  "groups": {
    "admins": {
      "users": [
        "eduardo",
        "alice"
      ]
    },
    "ops": {
      "users": [
        "bob",
        "charlie"
      ]
    },
    "staff": {
      "users": [
        "david"
      ]
    }
  },
  "users": {
    "eduardo": {
      "email": "eduardo@example.com",
      "password_hash": "$argon2id$hash"
    },
    "alice": {
      "email": "alice@example.com",
      "password_hash": "$argon2id$hash"
    },
    "bob": {
      "email": "bob@example.com",
      "password_hash": "$argon2id$hash"
    }
  },
  "policies": {
    "public": {
      "policy_type": "bypass"
    },
    "api_users": {
      "policy_type": "protected",
      "groups": [
        "staff"
      ],
      "methods": [
        "password_local"
      ]
    },
    "ops_access": {
      "policy_type": "protected",
      "groups": [
        "ops"
      ],
      "methods": [
        "password_local"
      ]
    },
    "admin_access": {
      "policy_type": "protected",
      "groups": [
        "admins"
      ],
      "methods": [
        "password_local",
        "totp_default"
      ]
    },
    "google_admin_access": {
      "policy_type": "protected",
      "groups": [
        "admins"
      ],
      "methods": [
        "google_workspace_admins",
        "totp_default"
      ]
    }
  }
}
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`{`
			`"auth_methods": {`
			`"password_local": {`
			`"type": "local_password"`
			`},`
			`"totp_default": {`
			`"type": "totp"`
			`},`
			`"google_workspace_admins": {`
			`"type": "oidc",`
			`"provider": "google",`
			`"client_id": "GOOGLE_CLIENT_ID",`
			`"client_secret": "GOOGLE_CLIENT_SECRET",`
			`"allowed_domains": [`
			`"example.com"`
			`],`
			`"allowed_emails": [`
			`"eduardo@example.com",`
			`"alice@example.com"`
			`]`
			`}`
			`},`
			`"groups": {`
			`"admins": {`
			`"users": [`
			`"eduardo",`
			`"alice"`
			`]`
			`},`
			`"ops": {`
			`"users": [`
			`"bob",`
			`"charlie"`
			`]`
			`},`
			`"staff": {`
			`"users": [`
			`"david"`
			`]`
			`}`
			`},`
			`"users": {`
			`"eduardo": {`
			`"email": "eduardo@example.com",`
			`"password_hash": "$argon2id$hash"`
			`},`
			`"alice": {`
			`"email": "alice@example.com",`
			`"password_hash": "$argon2id$hash"`
			`},`
			`"bob": {`
			`"email": "bob@example.com",`
			`"password_hash": "$argon2id$hash"`
			`}`
			`},`
			`"policies": {`
			`"public": {`
			`"policy_type": "bypass"`
			`},`
			`"api_users": {`
update examples 2026-03-14 10:14:19 -03:00			`"policy_type": "protected",`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`"groups": [`
			`"staff"`
			`],`
			`"methods": [`
			`"password_local"`
			`]`
			`},`
			`"ops_access": {`
update examples 2026-03-14 10:14:19 -03:00			`"policy_type": "protected",`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`"groups": [`
			`"ops"`
			`],`
			`"methods": [`
			`"password_local"`
			`]`
			`},`
			`"admin_access": {`
update examples 2026-03-14 10:14:19 -03:00			`"policy_type": "protected",`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`"groups": [`
			`"admins"`
			`],`
			`"methods": [`
			`"password_local",`
			`"totp_default"`
			`]`
			`},`
			`"google_admin_access": {`
update examples 2026-03-14 10:14:19 -03:00			`"policy_type": "protected",`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`"groups": [`
			`"admins"`
			`],`
			`"methods": [`
			`"google_workspace_admins",`
			`"totp_default"`
			`]`
			`}`
			`}`
			`}`