smallstep / cli

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
https://smallstep.com/cli
Apache License 2.0

Use scopes from provider for OIDC token generation if present #1150

Closed jeremydonahue closed 2 months ago

jeremydonahue commented 5 months ago

This allows the provider to specify custom scopes that should be used when generating OIDC tokens. This is useful, for example, when using the OIDC provider with Dex and GitHub, in that it allows the preferred_username or federated_claims.user_id fields to be returned with the token for use in SSH certificate templates (i.e., to identify a GitHub user via extensions:login@github.com).

Note that this feature depends on https://github.com/smallstep/certificates/pull/1796 being merged to provide the Scopes field on providers.OIDC.

Example usage (ca.json):

{
    "type": "OIDC",
    ...
    "scopes": ["openid","email","profile","federated:id"]
}

SSH template:

    "extensions": {
      "id@github.com": {{ toJson .Token.federated_claims.user_id }}
    }

Name of feature:

Custom scopes for OIDC providers.

Pain or issue this feature alleviates:

Same as https://github.com/smallstep/certificates/pull/1796.

Why is this important to the project (if not answered above):

Same as https://github.com/smallstep/certificates/pull/1796.

Is there documentation on how to use this feature? If so, where?

Same as https://github.com/smallstep/certificates/pull/1796.

In what environments or workflows is this feature supported?

Same as https://github.com/smallstep/certificates/pull/1796.

In what environments or workflows is this feature explicitly NOT supported (if any)?

Same as https://github.com/smallstep/certificates/pull/1796.

Supporting links/other PRs/issues:

Requires https://github.com/smallstep/certificates/pull/1796.
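
The configuration and template in the description above, as an added worked example in Go; this is not code from this PR or from smallstep. It derives the effective scope list from a provider entry (falling back to defaults when "scopes" is absent and always keeping "openid"), builds the authorization request with that list, and renders the SSH template fragment against a constructed Dex-style claim set. The OIDCProvider struct, the default scope list, the toJson helper and the sample claims are assumptions for the example, not smallstep's types or defaults.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
	"text/template"
)

// OIDCProvider mirrors the ca.json fragment from the PR description. The
// struct and field names are an assumption for this example, not
// smallstep's providers.OIDC type.
type OIDCProvider struct {
	Type     string   `json:"type"`
	ClientID string   `json:"clientID"`
	Scopes   []string `json:"scopes,omitempty"`
}

// defaultScopes is the assumed fallback when "scopes" is not configured.
var defaultScopes = []string{"openid", "email", "profile"}

// EffectiveScopes returns the configured scopes, or the defaults when none
// are set. Empty and duplicate entries are dropped, and "openid" is always
// present because an OIDC authorization request requires it.
func EffectiveScopes(p OIDCProvider) []string {
	src := defaultScopes
	if len(p.Scopes) > 0 {
		src = p.Scopes
	}
	out := make([]string, 0, len(src)+1)
	seen := map[string]bool{}
	for _, s := range src {
		s = strings.TrimSpace(s)
		if s == "" || seen[s] {
			continue
		}
		seen[s] = true
		out = append(out, s)
	}
	if !seen["openid"] {
		out = append([]string{"openid"}, out...)
	}
	return out
}

// AuthURL builds the authorization request; "scope" is the space-separated
// list per RFC 6749 section 3.3.
func AuthURL(authEndpoint string, p OIDCProvider, redirectURI, state string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", p.ClientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("state", state)
	q.Set("scope", strings.Join(EffectiveScopes(p), " "))
	return authEndpoint + "?" + q.Encode()
}

// DecodeClaims parses the JSON claim set of an ID token. Signature and
// issuer/audience verification are assumed to have been done by the caller.
func DecodeClaims(raw string) (map[string]any, error) {
	var claims map[string]any
	if err := json.Unmarshal([]byte(raw), &claims); err != nil {
		return nil, fmt.Errorf("decode claims: %w", err)
	}
	return claims, nil
}

// RenderExtensions executes an SSH template fragment with the claims exposed
// as .Token and a toJson helper. missingkey=error makes a claim the provider
// never returned (for example because "federated:id" was not requested) fail
// the render instead of writing null into the certificate extension.
func RenderExtensions(tmplText string, claims map[string]any) (map[string]string, error) {
	funcs := template.FuncMap{
		"toJson": func(v any) (string, error) {
			b, err := json.Marshal(v)
			return string(b), err
		},
	}
	t, err := template.New("ssh").Funcs(funcs).Option("missingkey=error").Parse(tmplText)
	if err != nil {
		return nil, fmt.Errorf("parse template: %w", err)
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, map[string]any{"Token": claims}); err != nil {
		return nil, fmt.Errorf("execute template: %w", err)
	}
	var out struct {
		Extensions map[string]string `json:"extensions"`
	}
	if err := json.Unmarshal(buf.Bytes(), &out); err != nil {
		return nil, fmt.Errorf("template output is not JSON: %w", err)
	}
	return out.Extensions, nil
}

// Constructed sample claims in the shape Dex returns for a GitHub connector
// when "federated:id" is requested; all values are made up for the example.
const sampleClaims = `{"iss":"https://dex.example.com","sub":"ChUxMjM0NRIGZ2l0aHVi",
"email":"alice@example.com","preferred_username":"alice",
"federated_claims":{"connector_id":"github","user_id":"12345"}}`

// The SSH template fragment from the PR, wrapped in an object so it parses.
const sshTemplate = `{"extensions": {"id@github.com": {{ toJson .Token.federated_claims.user_id }}}}`

func main() {
	p := OIDCProvider{Type: "OIDC", ClientID: "step-ca", Scopes: []string{"openid", "email", "profile", "federated:id"}}
	fmt.Println(AuthURL("https://dex.example.com/auth", p, "http://127.0.0.1:10000", "xyz"))
	claims, _ := DecodeClaims(sampleClaims)
	ext, err := RenderExtensions(sshTemplate, claims)
	fmt.Println(ext, err)
}
```

Note the fail-closed choice in RenderExtensions: if the provider config omits "federated:id", Dex leaves federated_claims out of the token and the template errors rather than issuing a certificate whose id@github.com extension is null.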

maraino commented 5 months ago

See my comment on https://github.com/smallstep/certificates/pull/1796

maraino commented 2 months ago

Superseded by https://github.com/smallstep/cli/pull/1154