Update JWT tips (#6955)

Jim Kalafut 2019-06-21 14:50:12 -07:00 committed by GitHub
parent 9296ca1f8c
commit c7283f99ed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -192,6 +192,9 @@ http/https, 127.0.0.1/localhost, port numbers, whether trailing slashes are pres
known to work, you can add additional claims bindings and metadata copying.
- `bound_audiences` is optional for OIDC roles and typically not required. OIDC providers will use
the client_id as the audience and OIDC validation expects this.
- Check your provider for what scopes are required in order to receive all
of the information you need. The scopes "profile" and "groups" often need to be
requested, and can be added by setting `oidc_scopes="profile,groups"` on the role.
- If you're seeing claim-related errors in logs, review the provider's docs very carefully to see
how they're naming and structuring their claims. Depending on the provider, you may be able to
construct a simple `curl` implicit grant request to obtain a JWT that you can inspect. An example
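Review bot: The bullet beginning "Check your provider for what scopes are required" says scopes are needed to receive "all of the information you need" but never says that this information is the claims, so a reader cannot connect it to the "claims bindings and metadata copying" mentioned just above or to the claim-related errors in the next bullet. Suggest wording it so that a missing scope is named as a likely cause of a missing claim, and advising that only the scopes backing the claims the role actually binds or copies be requested, rather than adding "profile" and "groups" by default. Two style points in the same bullet: the scope names are in plain double quotes while every other identifier in the list (`bound_audiences`, `curl`, `oidc_scopes`) is in backticks, and the bullet is wrapped at a narrower width than its neighbours.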