Interface ClusterOpenIDConnectConfig

interface ClusterOpenIDConnectConfig {
    clientId: string;
    groupsClaim: string[];
    groupsPrefix: string;
    issuerUrl: string;
    requiredClaim: string[];
    usernameClaim: string;
    usernamePrefix: string;
}

Properties

clientId groupsClaim groupsPrefix issuerUrl requiredClaim usernameClaim usernamePrefix

Properties

clientId

clientId: string

A client ID that all tokens must be issued for.

groupsClaim

groupsClaim: string[]

JWT claim to use as the user's group.

groupsPrefix

groupsPrefix: string

Prefix prepended to group claims to prevent name collision (such as system: groups). For example, the value oidc: will create group names like oidc:engineering and oidc:infra.

issuerUrl

issuerUrl: string

URL of the provider which allows the API server to discover public signing keys. Only URLs using the https:// scheme are accepted. This is typically the provider's discovery URL without a path, for example "https://accounts.google.com" or "https://login.salesforce.com".

requiredClaim

requiredClaim: string[]

Multiple key=value pairs describing a required claim in the ID token. If set, the claims are verified to be present in the ID token with a matching value.

usernameClaim

usernameClaim: string

JWT claim to use as the user name. The default is sub, which is expected to be the end user's unique identifier. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent name collision.

usernamePrefix

usernamePrefix: string

Prefix prepended to username claims to prevent name collision (such as system: users). For example, the value oidc: will create usernames like oidc:jane.doe. If this flag is not provided and username_claim is a value other than email, the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of issuer_url. The value - can be used to disable all prefixing.

Settings

On This Page

Properties