Update JWT docs for bound_claims improvements (#6559)

2019-04-12 14:08:02 -07:00 · 2019-04-12 14:08:02 -07:00 · 75480642cf
parent 57c5424a6a
commit 75480642cf
2 changed files with 10 additions and 0 deletions
--- a/website/source/api/auth/jwt/index.html.md
+++ b/website/source/api/auth/jwt/index.html.md
@ -124,6 +124,7 @@ entities attempting to login. At least one of the bound values must be set.
  source address for login requests. This value is also encoded into any
  resulting token.
 - `bound_claims` `(map: <optional>)` - If set, a map of claims/values to match against.
+  The expected value may be a single string or a list of strings.
 - `groups_claim` `(string: <optional>)` - The claim to use to uniquely identify
  the set of groups to which the user belongs; this will be used as the names
  for the Identity group aliases created due to a successful login. The claim
--- a/website/source/docs/auth/jwt.html.md
+++ b/website/source/docs/auth/jwt.html.md
@ -43,6 +43,15 @@ to:

 Only JWTs containing both the "division" and "department" claims, and
 respective matching values of "Europe" and "Engineering", would be authorized.
+If the expected value is a list, the claim must match one of the items in the list.
+To limit authorization to a set of email addresses:
+
+```json
+{
+  "email": ["fred@example.com", "julie@example.com"]
+}
+```
+

 ### Claims as Metadata