mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-07 14:05:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add UsernameClaim and GroupsClaim to JWTAuthenticator CRD spec

Browse Source 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
This commit is contained in:
Ryan Richard
2020-12-15 10:36:19 -08:00
committed by Margo Crawford
parent 43bb7117b7
commit 0e60c93cef
11 changed files with 86 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml
View File

@@ -51,6 +51,11 @@ spec:
description: Audience is the required value of the "aud" JWT claim.
minLength: 1
type: string
groups_claim:
description: GroupsClaim is the name of the claim which should be
read to extract the user's group membership from the JWT token.
When not specified, it will default to "groups".
type: string
issuer:
description: Issuer is the OIDC issuer URL that will be used to discover
public signing keys. Issuer is also used to validate the "iss" JWT
@@ -66,6 +71,11 @@ spec:
If omitted, a default set of system roots will be trusted.
type: string
type: object
username_claim:
description: UsernameClaim is the name of the claim which should be
read to extract the username from the JWT token. When not specified,
it will default to "username".
type: string
required:
- audience
- issuer