Open tz-torchai opened 2 years ago
When Kubernetes API server received an ID token (JWT) from kubectl, it verifies the signature of token against the issuer certificate.
See the doc for details.
- The API server will make sure the JWT signature is valid by checking against the certificate named in the configuration https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens
If you are interesting in OpenID Connect, see also this doc.
The Client MUST validate the signature of all other ID Tokens according to JWS [JWS] using the algorithm specified in the JWT alg Header Parameter. The Client MUST use the keys provided by the Issuer. https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
Describe the question
Thanks so much for this wonderful and convenient tool.
I understand all other steps in the diagram but step 12 and step 13. What will
kube-apiserver
do after receiving the request with token? Could anyone explain to me about that? Thanks in advance!