docs: specify which JWT/OIDC role params support JSON pointer syntax in API docs (#9518)

Austin Gebauer 2020-07-21 11:20:10 -07:00 committed by GitHub
parent fd72d92434
commit 66c8032fb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 6 deletions

@ -124,9 +124,10 @@ entities attempting to login. At least one of the bound values must be set.
if set to `-1`. Only applicable with "jwt" roles.
- `bound_subject` `(string: <optional>)` - If set, requires that the `sub`
claim matches this value.
- `bound_claims` `(map: <optional>)` - If set, a map of claims/values to match against.
- `bound_claims` `(map: <optional>)` - If set, a map of claims (keys) to match against respective claim values (values).
The expected value may be a single string or a list of strings. The interpretation of the bound
claim values is configured with `bound_claims_type`.
claim values is configured with `bound_claims_type`. Keys support [JSON pointer](/docs/auth/jwt#claim-specifications-and-json-pointer)
syntax for referencing claims.
- `bound_claims_type` `(string: "string")` - Configures the interpretation of the bound_claims values.
If `"string"` (the default), the values will treated as string literals and must match exactly.
If set to `"glob"`, the values will be interpreted as globs, with `*` matching any number of
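Review bot: The new `bound_claims` description does not say what happens when a JSON pointer key resolves to nothing in the token, which is the case an operator most needs spelled out for a binding check. Please state whether a missing claim fails the login. The phrase "to match against respective claim values (values)" is also hard to parse; something like "a map of claims (keys) to the values they must match (values)" reads more clearly, and the line should be wrapped like its neighbours. While this block is being touched, the context line "the values will treated as string literals" is missing "be".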
@ -134,9 +135,11 @@ entities attempting to login. At least one of the bound values must be set.
- `groups_claim` `(string: <optional>)` - The claim to use to uniquely identify
the set of groups to which the user belongs; this will be used as the names
for the Identity group aliases created due to a successful login. The claim
value must be a list of strings.
value must be a list of strings. Supports [JSON pointer](/docs/auth/jwt#claim-specifications-and-json-pointer)
syntax for referencing claims.
- `claim_mappings` `(map: <optional>)` - If set, a map of claims (keys) to be copied to
specified metadata fields (values).
specified metadata fields (values). Keys support [JSON pointer](/docs/auth/jwt#claim-specifications-and-json-pointer)
syntax for referencing claims.
- `oidc_scopes` `(list: <optional>)` - If set, a list of OIDC scopes to be used with an OIDC role.
The standard scope "openid" is automatically included and need not be specified.
- `allowed_redirect_uris` `(list: <required>)` - The list of allowed values for redirect_uri
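Review bot: In `groups_claim`, the requirement "The claim value must be a list of strings" now sits before the JSON pointer sentence, so it is not obvious that it applies to the value the pointer resolves to. Consider reordering or rewording so the constraint follows the selector, for example "The claim may be referenced with JSON pointer syntax, and the value it resolves to must be a list of strings." For `claim_mappings`, it would also help to repeat here that the metadata key name "role" is reserved, since the JWT auth docs page states it and this entry is where the mapping is configured.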

@ -92,7 +92,7 @@ Note: the metadata key name "role" is reserved and may not be used for claim map
### Claim specifications and JSON Pointer
Some parameters (e.g. `bound_claims` and `groups_claim`) are used to point to data within the JWT. If
Some parameters (e.g. `bound_claims`, `groups_claim`, `claim_mappings`) are used to point to data within the JWT. If
the desired key is at the top of level of the JWT, the name can be provided directly. If it is nested at a
lower level, a JSON Pointer may be used.
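Review bot: The rewritten sentence keeps "e.g." in front of `bound_claims`, `groups_claim`, `claim_mappings`, which still reads as a partial list even though the goal of this commit is to specify which parameters accept JSON pointer syntax. If these three are the complete set, drop "e.g." and say so; if not, the API docs change should cover the remaining parameters too. The following context line also has a typo, "at the top of level of the JWT", which should be "at the top level of the JWT".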
@ -111,7 +111,7 @@ Assume the following JSON data to be referenced:
A parameter of `"division"` will reference "North America", as this is a top level key. A parameter
`"/groups/primary"` uses JSON Pointer syntax to reference "Engineering" at a lower level. Any valid
JSON Pointer can be used as a selector. Refer to the
[JSON Pointer RFC](https://tools.ietf.org/html/rfc6901) for a full description of the syntax
[JSON Pointer RFC](https://tools.ietf.org/html/rfc6901) for a full description of the syntax.
## OIDC Authentication
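Review bot: "Any valid JSON Pointer can be used as a selector" leaves the reader to find out from the RFC how to write a claim name that itself contains `/` or `~`. RFC 6901 escapes these as `~1` and `~0`, and claim names with slashes are common enough that one sentence and a short example here would save operators from a binding that silently points at the wrong path. It would also be worth stating how a parameter value that contains a `/` but does not start with one is interpreted, since the text only covers a plain top level name and a pointer beginning with `/`.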