From 136930804e1c2b5e19a7cf3d7271d377303b931a Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 13 Nov 2025 12:21:29 +0000
Subject: [PATCH] Update ToolHive reference docs for
toolhive-operator-crds-0.0.55
---
static/api-specs/toolhive-crd-api.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/static/api-specs/toolhive-crd-api.md b/static/api-specs/toolhive-crd-api.md
index 23d4e3e..8bf77a5 100644
--- a/static/api-specs/toolhive-crd-api.md
+++ b/static/api-specs/toolhive-crd-api.md
@@ -1707,6 +1707,7 @@ _Appears in:_
| `clientSecretRef` _[SecretKeyRef](#secretkeyref)_ | ClientSecretRef is a reference to a secret containing the OAuth 2.0 client secret
Optional for some token exchange flows (e.g., Google Cloud Workforce Identity) | | |
| `audience` _string_ | Audience is the target audience for the exchanged token | | Required: \{\}
|
| `scopes` _string array_ | Scopes is a list of OAuth 2.0 scopes to request for the exchanged token | | |
+| `subjectTokenType` _string_ | SubjectTokenType is the type of the incoming subject token.
Accepts short forms: "access_token" (default), "id_token", "jwt"
Or full URNs: "urn:ietf:params:oauth:token-type:access_token",
"urn:ietf:params:oauth:token-type:id_token",
"urn:ietf:params:oauth:token-type:jwt"
For Google Workload Identity Federation with OIDC providers (like Okta), use "id_token" | | Pattern: `^(access_token\|id_token\|jwt\|urn:ietf:params:oauth:token-type:(access_token\|id_token\|jwt))?$`
|
| `externalTokenHeaderName` _string_ | ExternalTokenHeaderName is the name of the custom header to use for the exchanged token.
If set, the exchanged token will be added to this custom header (e.g., "X-Upstream-Token").
If empty or not set, the exchanged token will replace the Authorization header (default behavior). | | |