Update JWT docs (#8525)

2020-03-14 14:45:30 -07:00 · 2020-03-14 14:45:30 -07:00 · b949dc622b
parent 16ad0ded58
commit b949dc622b
2 changed files with 8 additions and 1 deletions
--- a/website/pages/api-docs/auth/jwt/index.mdx
+++ b/website/pages/api-docs/auth/jwt/index.mdx
@ -124,7 +124,12 @@ entities attempting to login. At least one of the bound values must be set.
 - `bound_subject` `(string: <optional>)` - If set, requires that the `sub`
  claim matches this value.
 - `bound_claims` `(map: <optional>)` - If set, a map of claims/values to match against.
-  The expected value may be a single string or a list of strings.
+  The expected value may be a single string or a list of strings. The interpretation of the bound
+  claim values is configured with `bound_claims_type`.
+- `bound_claims_type` `(string: "string")` - Configures the interpretation of the bound_claims values.
+   If `"string"` (the default), the values will treated as string literals and must match exactly.
+   If set to `"glob"`, the values will be interpreted as globs, with `*` matching any number of
+   characters.
 - `groups_claim` `(string: <optional>)` - The claim to use to uniquely identify
  the set of groups to which the user belongs; this will be used as the names
  for the Identity group aliases created due to a successful login. The claim
--- a/website/pages/docs/auth/jwt.mdx
+++ b/website/pages/docs/auth/jwt.mdx
@ -69,6 +69,8 @@ To limit authorization to a set of email addresses:
 }
 ```

+Bound claims can optionally be configured with globs. See the [API documentation](/auth/jwt/#bound_claims_type) for more details.
+
 ### Claims as Metadata

 Data from claims can be copied into the resulting auth token and alias metadata by configuring `claim_mappings`. This role