scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updating Vault docs for JWT support of numeric bound_claims (#24921)

Browse Source 
* Add a note that the role name is available as role in entity alias metadata

* Update JWT docs for numeric bound_claims
This commit is contained in:
Stefan Zhelyazkov
2024-01-18 15:57:30 +02:00
committed by GitHub
parent 5f3ff6b890
commit f4978b3efd
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
website/content/api-docs/auth/jwt.mdx
View File

@@ -134,11 +134,11 @@ entities attempting to login. At least one of the bound values must be set.
- `bound_subject` `(string: <optional>)` - If set, requires that the `sub`
claim matches this value.
- `bound_claims` `(map: <optional>)` - If set, a map of claims (keys) to match against respective claim values (values).
The expected value may be a single string or a list of strings. The interpretation of the bound
Each expected value may be a string, integer, boolean or a list of strings. The interpretation of the bound
claim values is configured with `bound_claims_type`. Keys support [JSON pointer](/vault/docs/auth/jwt#claim-specifications-and-json-pointer)
syntax for referencing claims.
- `bound_claims_type` `(string: "string")` - Configures the interpretation of the bound_claims values.
If `"string"` (the default), the values will treated as string literals and must match exactly.
If `"string"` (the default), the values will be treated as literals and must match exactly.
If set to `"glob"`, the values will be interpreted as globs, with `*` matching any number of
characters.
- `groups_claim` `(string: <optional>)` - The claim to use to uniquely identify

3
website/content/docs/auth/jwt/index.mdx
View File

@@ -339,7 +339,8 @@ This specifies that the value in the JWT claim "division" should be copied to th
"department" claim value will also be copied into metadata but will retain the key name. If a claim is configured in `claim_mappings`,
it must existing in the JWT or else the authentication will fail.
Note: the metadata key name "role" is reserved and may not be used for claim mappings.
Note: the metadata key name "role" is reserved and may not be used for claim mappings. Since Vault 1.16 the role name is available
by the key `role` in the alias metadata of the entity after a successful login.
### Claim specifications and JSON pointer