mention GitHubIdentityProvider in some more website documentation

Ryan Richard
2024-05-30 14:21:33 -07:00
parent 037fa65c63
commit 38a90fa01e
6 changed files with 11 additions and 11 deletions


@@ -28,7 +28,7 @@ If you would rather not use the Supervisor, you may want to [configure the Conci
This how-to guide assumes that you have already [installed the Pinniped Supervisor]({{< ref "install-supervisor" >}}) with working ingress,
and that you have [configured a FederationDomain to issue tokens for your downstream clusters]({{< ref "configure-supervisor" >}}).
It also assumes that you have configured an `OIDCIdentityProvider`, `LDAPIdentityProvider`, or `ActiveDirectoryIdentityProvider` for the Supervisor as the source of your user's identities.
It also assumes that you have configured an `OIDCIdentityProvider`, `LDAPIdentityProvider`, `ActiveDirectoryIdentityProvider`, or `GitHubIdentityProvider` for the Supervisor as the source of your user's identities.
Various examples of configuring these resources can be found in these guides.
It also assumes that you have already [installed the Pinniped Concierge]({{< ref "install-concierge" >}})
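Review bot: On the changed line, "your user's identities" reads as a single user; the Supervisor is the identity source for many users, so this should be "your users' identities". The same phrase sits on the changed list item in the next file of this commit, so both can be fixed in the same pass.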


@@ -18,7 +18,7 @@ This how-to guide assumes that you have already configured the following Pinnipe
then you have already:
1. [Installed the Pinniped Supervisor]({{< ref "install-supervisor" >}}) with working ingress.
1. [Configured a FederationDomain to issue tokens for your downstream clusters]({{< ref "configure-supervisor" >}}).
1. Configured an `OIDCIdentityProvider`, `LDAPIdentityProvider`, or `ActiveDirectoryIdentityProvider` for the Supervisor as the source of your user's identities.
1. Configured an `OIDCIdentityProvider`, `LDAPIdentityProvider`, `ActiveDirectoryIdentityProvider`, or `GitHubIdentityProvider` for the Supervisor as the source of your user's identities.
Various examples of configuring these resources can be found in these guides.
1. In each cluster for which you would like to use Pinniped for authentication, you have [installed the Concierge]({{< ref "install-concierge" >}}).
1. In each cluster's Concierge, you have configured an authenticator. For example, if you are using the Pinniped Supervisor,
@@ -73,7 +73,7 @@ The new Pinniped-compatible kubeconfig YAML will be output as stdout, and can be
Various default behaviors of `pinniped get kubeconfig` can be overridden using [its command-line options]({{< ref "cli" >}}).
One flag of note is `--upstream-identity-provider-flow browser_authcode` to choose end-user `kubectl` login via a web browser
(the default for OIDCIdentityProviders), and `--upstream-identity-provider-flow cli_password` to choose end-user `kubectl`
(the default for OIDCIdentityProviders and GitHubIdentityProviders), and `--upstream-identity-provider-flow cli_password` to choose end-user `kubectl`
login via CLI username/password prompts (the default for LDAPIdentityProviders and ActiveDirectoryIdentityProviders).
If the cluster is using a Pinniped Supervisor's FederationDomain to provide authentication services,
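Review bot: The changed parenthetical names `browser_authcode` as the default for GitHubIdentityProviders, but the sentence never says whether `--upstream-identity-provider-flow cli_password` is accepted for a GitHubIdentityProvider at all. State explicitly which flows a GitHubIdentityProvider supports, so a reader does not infer from "the default for" that CLI username/password prompts are an alternative for GitHub logins.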


@@ -29,7 +29,7 @@ This guide assumes that you are using at least that version.
## Summary
External identity providers may be configured in the Supervisor by creating OIDCIdentityProvider,
ActiveDirectoryIdentityProvider, or LDAPIdentityProvider resources in the same namespace as the Supervisor.
ActiveDirectoryIdentityProvider, LDAPIdentityProvider, or GitHubIdentityProvider resources in the same namespace as the Supervisor.
There are two ways to configure which of these external identity providers shall be used by a FederationDomain.
@@ -37,7 +37,7 @@ There are two ways to configure which of these external identity providers shall
the one and only identity provider that is configured in the same namespace. This provides backwards compatibility
with older configurations of Supervisors from before the `spec.identityProviders` setting was added to the
FederationDomain resource. There must be exactly one OIDCIdentityProvider,
ActiveDirectoryIdentityProvider, or LDAPIdentityProvider resource in the same namespace as the Supervisor.
ActiveDirectoryIdentityProvider, LDAPIdentityProvider, or GitHubIdentityProvider resource in the same namespace as the Supervisor.
If there are no identity provider resources, or if there are more than one, then the FederationDomain will
not allow any users to authenticate, and a error message will be shown in its `status`.
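Review bot: In the backwards-compatibility paragraph, the "exactly one" count now includes GitHubIdentityProvider, and the following sentence says that with more than one resource the FederationDomain "will not allow any users to authenticate". The text should spell out the consequence for this mode: creating a GitHubIdentityProvider next to an existing provider, on a FederationDomain that does not set `spec.identityProviders`, stops all logins. Suggest adding one sentence saying so and pointing to `spec.identityProviders` for running more than one provider. While here, "a error message" in the trailing context line should be "an error message".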
@@ -133,8 +133,8 @@ and group names.
## Identity transformations and policies
When a user authenticates, the configuration of the OIDCIdentityProvider, ActiveDirectoryIdentityProvider, or
LDAPIdentityProvider resource determines how the user's username and group names will be extracted from the external
When a user authenticates, the configuration of the OIDCIdentityProvider, ActiveDirectoryIdentityProvider,
LDAPIdentityProvider, or GitHubIdentityProvider resource determines how the user's username and group names will be extracted from the external
identity provider in a protocol-specific way (e.g. via OIDC ID token claims or LDAP record attributes).
Then, operating on the username and group names extracted from the external IDP:
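Review bot: The changed sentence adds GitHubIdentityProvider to the resources that extract usernames and groups "in a protocol-specific way", but the examples in the unchanged line after it still read "(e.g. via OIDC ID token claims or LDAP record attributes)", which covers neither the new resource nor where its username and group names come from. Extend the parenthetical with the GitHub case so the sentence does not imply that GitHub identities arrive as ID token claims.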
@@ -217,7 +217,7 @@ act as living documentation for your fellow administrators, and also act as unit
Each example declares inputs for the whole pipeline of expressions, and also declares the expected results of the
entire pipeline running on those inputs. The inputs are examples of the username and list of group names that might
be determined by the related OIDCIdentityProvider, ActiveDirectoryIdentityProvider, or LDAPIdentityProvider resource.
be determined by the related OIDCIdentityProvider, ActiveDirectoryIdentityProvider, LDAPIdentityProvider, or GitHubIdentityProvider resource.
The expected outputs are the username and list of group names, or the authentication rejection, for which your pipeline
should result upon the given inputs.


@@ -329,7 +329,7 @@ should be signed by a certificate authority that is trusted by their browsers.
## Next steps
Next, configure an OIDCIdentityProvider, ActiveDirectoryIdentityProvider, or an LDAPIdentityProvider for the Supervisor
Next, configure an OIDCIdentityProvider, ActiveDirectoryIdentityProvider, LDAPIdentityProvider, or a GitHubIdentityProvider for the Supervisor
(several examples are available in these guides). Then learn [how to configure a FederationDomain to use one or more
identity providers]({{< ref "configure-supervisor-federationdomain-idps" >}}). And finally,
[configure the Concierge to use the Supervisor for authentication]({{< ref "configure-concierge-supervisor-jwt" >}})
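Review bot: The articles in the changed list are now uneven: "an OIDCIdentityProvider, ActiveDirectoryIdentityProvider, LDAPIdentityProvider, or a GitHubIdentityProvider". Either drop the "a" before GitHubIdentityProvider, matching how the same list is written in the other files of this commit, or give every item its own article.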


@@ -208,7 +208,7 @@ The per-FederationDomain endpoints are:
extended in [internal/federationdomain/endpoints/tokenexchange/token_exchange.go](https://github.com/vmware-tanzu/pinniped/blob/main/internal/federationdomain/endpoints/tokenexchange/token_exchange.go)
to handle an additional grant type for [RFC 8693](https://datatracker.ietf.org/doc/html/rfc8693) token exchanges to
reduce the applicable scope (technically, the `aud` claim) of ID tokens.
- `<issuer_path>/callback` is a special endpoint that is used as the redirect URL when performing an OIDC authcode flow against an upstream OIDC identity provider as configured by an OIDCIdentityProvider custom resource.
- `<issuer_path>/callback` is a special endpoint that is used as the redirect URL when performing an OAuth 2.0 or OIDC authcode flow against an upstream OIDC identity provider as configured by an OIDCIdentityProvider or GitHubIdentityProvider custom resource.
See [internal/federationdomain/endpoints/callback/callback_handler.go](https://github.com/vmware-tanzu/pinniped/blob/main/internal/federationdomain/endpoints/callback/callback_handler.go).
- `<issuer_path>/v1alpha1/pinniped_identity_providers` is a custom discovery endpoint for clients to learn about available upstream identity providers.
See [internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler.go](https://github.com/vmware-tanzu/pinniped/blob/main/internal/federationdomain/endpoints/idpdiscovery/idp_discovery_handler.go).
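Review bot: The changed `<issuer_path>/callback` bullet now says "an OAuth 2.0 or OIDC authcode flow" but still describes the target as "an upstream OIDC identity provider", which contradicts the GitHubIdentityProvider added at the end of the same sentence. Reword the middle to something like "against an upstream identity provider" so the redirect URL description holds for both resource kinds; anyone registering this callback URL with the upstream provider will read this line to decide which providers it applies to.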


@@ -51,7 +51,7 @@ clusters all with a single Pinniped Supervisor.
1. A Pinniped Supervisor already installed and running on another cluster, and already configured with
a working FederationDomain, TLS certificates, and an external identity provider
(e.g. an OIDCIdentityProvider, LDAPIdentityProvider, or ActiveDirectoryIdentityProvider).
(e.g. an OIDCIdentityProvider, LDAPIdentityProvider, ActiveDirectoryIdentityProvider, or GitHubIdentityProvider).
Don't have a Pinniped Supervisor ready? Please refer to the other documents on this site to help you get one up and running
and sufficiently configured.