Merge pull request #32 from FireBlinkLTD/feat/configuration_examples
feat: add idp specific configuration and mappings match mode
Showing 6 changed files with 121 additions and 9 deletions.
@@ -0,0 +1,36 @@ | ||
# AWS Cognito | ||
|
||
## Client Configuration | ||
|
||
```bash | ||
# KeyCloak discovery URL to fetch client configuration from | ||
# <region> should be replaced with an actual AWS Region where User Pool is located | ||
# <pool id> should be replaced with the AWS Cognito User Pool ID | ||
OPENID_CONNECT_DISCOVER_URL='https://cognito-idp.<region>.amazonaws.com/<pool id>/.well-known/openid-configuration' | ||
# client id | ||
OPENID_CLIENT_ID='<client id>' | ||
# client secret | ||
OPENID_CLIENT_SECRET='<client secret>' | ||
|
||
# Information on where to extract cognito user groups | ||
JWT_AUTH_CLAIM_PATHS='{ | ||
"groups": ["cognito:groups"] | ||
}' | ||
``` | ||
|
||
## Mappings | ||
|
||
```yaml | ||
{ | ||
# RegEx pattern | ||
"pattern": ".*", | ||
|
||
"auth": { | ||
# allowed JWT claims | ||
"claims": { | ||
# allowed groups | ||
"groups": [ "<group name>" ] | ||
} | ||
} | ||
} | ||
``` |
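Review bot: the first comment in the Cognito client configuration block (`# KeyCloak discovery URL to fetch client configuration from`) is a copy-paste leftover from the Keycloak example and should read `# AWS Cognito discovery URL to fetch client configuration from`, since the URL below it points at `cognito-idp.<region>.amazonaws.com`. In the Mappings block, `"pattern": ".*"` matches anything, so the single group restriction applies universally; a short comment telling readers to narrow or anchor the pattern for real deployments would make the example safer to copy.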
@@ -0,0 +1,43 @@ | ||
# KeyCloak configuration example | ||
|
||
## Client Configuration | ||
|
||
```bash | ||
# KeyCloak discovery URL to fetch client configuration from | ||
# <host> should be replaced with an actual Keycloak host | ||
# <realm> should be replaced with the realm name, by default KC creates "master" realm | ||
OPENID_CONNECT_DISCOVER_URL='https://<host>/realms/<realm>/.well-known/openid-configuration' | ||
# client id | ||
OPENID_CLIENT_ID='<client id>' | ||
# client secret | ||
OPENID_CLIENT_SECRET='<client secret>' | ||
|
||
# Information on where to extract realm and client specific roles | ||
# <client id> should be replaced with an actual client ID | ||
JWT_AUTH_CLAIM_PATHS='{ | ||
"realm": ["realm_access", "roles"], | ||
"client": ["resource_access", "<client id>", "roles"] | ||
}' | ||
``` | ||
|
||
## Mappings | ||
|
||
```yaml | ||
{ | ||
# RegEx pattern | ||
"pattern": ".*", | ||
|
||
"auth": { | ||
# require all roles to be presented, as by default mode is "ANY", meaning any of the specified roles grant user access | ||
"mode": "ALL", | ||
|
||
# allowed JWT claims | ||
"claims": { | ||
# allowed realm roles | ||
"realm": [ "<realm-role>" ], | ||
# allowed client roles | ||
"client": [ "<client-role>" ], | ||
} | ||
} | ||
} | ||
``` |
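Review bot: the `"client": [ "<client-role>" ],` line inside `claims` carries a trailing comma before the closing `}`; if the mappings file is loaded as JSON that fails to parse, and it is inconsistent with the Cognito example, so drop the comma. Two smaller points in the same hunk: the `mode` comment reads awkwardly ("require all roles to be presented") and could say `# require all listed roles to be present; the default mode is "ANY", where any one of the listed roles grants access`; and the discovery-URL comments spell the product both `KeyCloak` and `Keycloak` within two lines, so settle on `Keycloak`, the project's own spelling.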