Skip to content

docs: JWT auth docs display fixes #17765

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
boruszak merged 5 commits into from
Jun 15, 2023
Merged

docs: JWT auth docs display fixes #17765

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5ad349c
Fixes
boruszak Jun 15, 2023
7a874f3
Merge branch 'main' into docs/jwt-auth-fixes
boruszak Jun 15, 2023
e4da0a4
Merge branch 'main' into docs/jwt-auth-fixes
boruszak Jun 15, 2023
3873cb4
Merge branch 'main' into docs/jwt-auth-fixes
boruszak Jun 15, 2023
149f4d4
Merge branch 'main' into docs/jwt-auth-fixes
boruszak Jun 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
160 changes: 80 additions & 80 deletions website/content/docs/connect/config-entries/jwt-provider.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,53 +108,53 @@ Kind = "jwt-provider" # required
Name = "<name-of-provider-configuration-entry>" # required
Issuer = "<jwt-issuer>" # required
JSONWebKeySet = { # required
Local = { # cannot specify with JWKS{}.Remote
JWKS = "<JWKS-as-base64-string>" # cannot specify with JWKS{}.Local{}.Filename
Filename = "<path/to/JWKS/file>" # cannot specify with JWKS{}.Local{}.String
}
Local = { # cannot specify with JWKS{}.Remote
JWKS = "<JWKS-as-base64-string>" # cannot specify with JWKS{}.Local{}.Filename
Filename = "<path/to/JWKS/file>" # cannot specify with JWKS{}.Local{}.String
}
}
JSONWebKeySet = {
Remote = { # cannot specify with JWKS{}.Local
URI = "<uniform-resource-identifier>"
RequestTimeoutMs = 1500
CacheDuration = "5m"
FetchAsynchronously = false
RetryPolicy = {
NumRetries = 0
RetryPolicyBackoff = {
BaseInterval = "1s"
MaxInterval = "10s"
Remote = { # cannot specify with JWKS{}.Local
URI = "<uniform-resource-identifier>"
RequestTimeoutMs = 1500
CacheDuration = "5m"
FetchAsynchronously = false
RetryPolicy = {
NumRetries = 0
RetryPolicyBackoff = {
BaseInterval = "1s"
MaxInterval = "10s"
}
}
}
}
}
}
}
Audiences = ["<aud-claims>"]
Locations = [
{
Header = {
Name = "<name-of-header-with-token>"
ValuePrefix = "<prefix-in-header-before-token>"
Forward = false
}
},
{
QueryParam = {
Name = "<name-of-query-parameter-with-token>"
}
},
{
Cookie = {
Name = "<name-of-cookie-with-token>"
{
Header = {
Name = "<name-of-header-with-token>"
ValuePrefix = "<prefix-in-header-before-token>"
Forward = false
}
},
{
QueryParam = {
Name = "<name-of-query-parameter-with-token>"
}
},
{
Cookie = {
Name = "<name-of-cookie-with-token>"
}
}
}
]
Forwarding = {
HeaderName = "<name-appended-to-forwarding-header>"
PadForwardPayloadHeader = false
HeaderName = "<name-appended-to-forwarding-header>"
PadForwardPayloadHeader = false
}
ClockSkewSeconds = 30
CacheConfig = {
Size = 0
Size = 0
}
```

Expand All @@ -164,58 +164,58 @@ CacheConfig = {

```json
{
"Kind": "jwt-provider", // required
"Name": "<name-of-provider-configuration-entry>", // required
"Issuer": "<jwt-issuer>", // required
"JSONWebKeySet": { // required
"Local": { // cannot specify with JWKS.Remote
"JWKS": "<JWKS-as-base64-string>", // cannot specify with JWKS.Local.Filename
"Filename": "<path/to/JWKS/file>" // cannot specify with JWKS.Local.String
"Kind": "jwt-provider", // required
"Name": "<name-of-provider-configuration-entry>", // required
"Issuer": "<jwt-issuer>", // required
"JSONWebKeySet": { // required
"Local": { // cannot specify with JWKS.Remote
"JWKS": "<JWKS-as-base64-string>", // cannot specify with JWKS.Local.Filename
"Filename": "<path/to/JWKS/file>" // cannot specify with JWKS.Local.String
}
},
"JSONWebKeySet": {
"Remote": { // cannot specify with JWKS.Local
"URI": "<uniform-resource-identifier>",
"RequestTimeoutMs": "1500",
"CacheDuration": "5m",
"FetchAsynchronously": "false",
"RetryPolicy": {
"NumRetries": "0",
"RetryPolicyBackOff": {
"BaseInterval": "1s",
"MaxInterval": "10s"
},
"JSONWebKeySet": {
"Remote": { // cannot specify with JWKS.Local
"URI": "<uniform-resource-identifier>",
"RequestTimeoutMs": "1500",
"CacheDuration": "5m",
"FetchAsynchronously": "false",
"RetryPolicy": {
"NumRetries": "0",
"RetryPolicyBackOff": {
"BaseInterval": "1s",
"MaxInterval": "10s"
}
}
}
}
}
},
"Audiences": ["<aud-claims>"],
"Locations": [
},
"Audiences": ["<aud-claims>"],
"Locations": [
{
"Header": {
"Name": "<name-of-header-with-token>",
"ValuePrefix": "<prefix-in-header-before-token>",
"Forward": "false"
}
"Header": {
"Name": "<name-of-header-with-token>",
"ValuePrefix": "<prefix-in-header-before-token>",
"Forward": "false"
}
},
{
"QueryParam": {
"Name":"<name-of-query-parameter-with-token>",
}
"QueryParam": {
"Name":"<name-of-query-parameter-with-token>",
}
},
{
"Cookie": {
"Name": "<name-of-cookie-with-token>"
}
"Cookie": {
"Name": "<name-of-cookie-with-token>"
}
}
],
"Forwarding": {
"HeaderName": "<name-appended-to-forwarding-header>",
"PadForwardPayloadHeader": "false"
},
"ClockSkewSeconds": "30",
"CacheConfig": {
],
"Forwarding": {
"HeaderName": "<name-appended-to-forwarding-header>",
"PadForwardPayloadHeader": "false"
},
"ClockSkewSeconds": "30",
"CacheConfig": {
"Size": "0"
}
}
}
```

Expand Down Expand Up @@ -1014,7 +1014,7 @@ metadata:
name: okta
spec:
issuer: okta
jsonWebKeySet:
jsonwebkeyset:
remote:
uri: https://<org>.okta.com/oauth2/default/v1/keys
cacheDuration: 30m
Expand Down
102 changes: 51 additions & 51 deletions website/content/docs/connect/config-entries/service-intentions.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1506,64 +1506,64 @@ Sources = [
```

```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
name: backend
spec:
sources:
name: frontend
permissions:
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
name: backend
spec:
sources:
name: frontend
permissions:
http:
pathExact: /admin
jwt:
providers:
name: okta
verifyClaims:
path:
- perms
- role
value: admin
action: allow
http:
pathExact: /admin
jwt:
providers:
name: okta
verifyClaims:
path:
- perms
- role
value: admin
action: allow
http:
pathPrefix: /
pathPrefix: /
```

```json
{
"Kind": "service-intentions",
"Name": "backend",
"Sources": [
{
"Name": "frontend",
"Permissions": [
{
"HTTP": {
"PathExact": "/admin"
},
"JWT": {
"Providers": [
{
"Name": "okta",
"VerifyClaims": [
{
"Path": ["perms", "role"],
"Value": "admin"
}
]
}
]
}
"Kind": "service-intentions",
"Name": "backend",
"Sources": [
{
"Name": "frontend",
"Permissions": [
{
"HTTP": {
"PathExact": "/admin"
},
{
"Action": "allow",
"HTTP": {
"PathPrefix": "/"
}
"JWT": {
"Providers": [
{
"Name": "okta",
"VerifyClaims": [
{
"Path": ["perms", "role"],
"Value": "admin"
}
]
}
]
}
]
}
]
},
{
"Action": "allow",
"HTTP": {
"PathPrefix": "/"
}
}
]
}
]
}
```

Expand Down
2 changes: 1 addition & 1 deletion website/content/docs/connect/intentions/jwt-authorization.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,4 +98,4 @@ After you update the service intention, write the configuration to Consul so tha

```shell-session
$ consul config write web-intention.hcl
```
```