search

smallstep / cli

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
https://smallstep.com/cli
Apache License 2.0
3.57k stars 247 forks source link

add AuthParams to token #1154

Closed jdoupe closed 1 month ago

jdoupe commented 3 months ago

Name of feature:

Read "AuthParams" from OIDC provisioner.

Pain or issue this feature alleviates:

AuthParams (or "extra parameters for the authorization request") are sometimes a requirement for OIDC configurations. Someone had already added the capability as a command line parameter, but remote requests to a CA wouldn't be able to include any extra parameters.

Why is this important to the project (if not answered above):

Is there documentation on how to use this feature? If so, where?

Not absolutely sure where to update this, but it would entail the addition of an "authParams" key within an OIDC provisioner: e.g.

                               "authParams": [
                                        "myextrakey=myextravalue"
                                ],

In what environments or workflows is this feature supported?

In what environments or workflows is this feature explicitly NOT supported (if any)?

Supporting links/other PRs/issues:

https://github.com/smallstep/certificates/pull/1802

💔Thank you!

CLAassistant commented 3 months ago

CLA assistant check
All committers have signed the CLA.

maraino commented 3 months ago

See my comment on https://github.com/smallstep/certificates/pull/1802

jdoupe commented 2 months ago

Linking other related PR for easy reference: https://github.com/smallstep/linkedca/pull/84