feat: support all variations of responseTypes (#104)

Jakub Błaszczyk
2021-12-08 09:25:34 +01:00
committed by GitHub
parent ca4fe77f30
commit a7a2caa606
6 changed files with 74 additions and 61 deletions


@ -22,14 +22,10 @@ spec:
description: OAuth2Client is the Schema for the oauth2clients API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@ -44,18 +40,15 @@ spec:
type: string
type: array
audience:
description: Audience is a whitelist defining the audiences this client
is allowed to request tokens for
description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
items:
type: string
type: array
clientName:
description: ClientName is the human-readable string name of the client
to be presented to the end-user during authorization.
description: ClientName is the human-readable string name of the client to be presented to the end-user during authorization.
type: string
grantTypes:
description: GrantTypes is an array of grant types the client is allowed
to use.
description: GrantTypes is an array of grant types the client is allowed to use.
items:
description: GrantType represents an OAuth 2.0 grant type
enum:
@ -68,31 +61,22 @@ spec:
minItems: 1
type: array
hydraAdmin:
description: HydraAdmin is the optional configuration to use for managing
this client
description: HydraAdmin is the optional configuration to use for managing this client
properties:
endpoint:
description: Endpoint is the endpoint for the hydra instance on
which to set up the client. This value will override the value
provided to `--endpoint` (defaults to `"/clients"` in the application)
description: Endpoint is the endpoint for the hydra instance on which to set up the client. This value will override the value provided to `--endpoint` (defaults to `"/clients"` in the application)
pattern: (^$|^/.*)
type: string
forwardedProto:
description: ForwardedProto overrides the `--forwarded-proto`
flag. The value "off" will force this to be off even if `--forwarded-proto`
is specified
description: ForwardedProto overrides the `--forwarded-proto` flag. The value "off" will force this to be off even if `--forwarded-proto` is specified
pattern: (^$|https?|off)
type: string
port:
description: Port is the port for the hydra instance on which
to set up the client. This value will override the value provided
to `--hydra-port`
description: Port is the port for the hydra instance on which to set up the client. This value will override the value provided to `--hydra-port`
maximum: 65535
type: integer
url:
description: URL is the URL for the hydra instance on which to
set up the client. This value will override the value provided
to `--hydra-url`
description: URL is the URL for the hydra instance on which to set up the client. This value will override the value provided to `--hydra-url`
maxLength: 64
pattern: (^$|^https?://.*)
type: string
@ -103,44 +87,41 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
postLogoutRedirectUris:
description: PostLogoutRedirectURIs is an array of the post logout
redirect URIs allowed for the application
description: PostLogoutRedirectURIs is an array of the post logout redirect URIs allowed for the application
items:
description: RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
type: array
redirectUris:
description: RedirectURIs is an array of the redirect URIs allowed
for the application
description: RedirectURIs is an array of the redirect URIs allowed for the application
items:
description: RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
type: array
responseTypes:
description: ResponseTypes is an array of the OAuth 2.0 response type
strings that the client can use at the authorization endpoint.
description: ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.
items:
description: ResponseType represents an OAuth 2.0 response type
strings
description: ResponseType represents an OAuth 2.0 response type strings
enum:
- id_token
- code
- token
- code token
- code id_token
- id_token token
- code id_token token
type: string
maxItems: 3
minItems: 1
type: array
scope:
description: Scope is a string containing a space-separated list of
scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
that the client can use when requesting access tokens.
description: Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
pattern: ([a-zA-Z0-9\.\*]+\s?)+
type: string
secretName:
description: SecretName points to the K8s secret that contains this
client's ID and password
description: SecretName points to the K8s secret that contains this client's ID and password
maxLength: 253
minLength: 1
pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
@ -157,8 +138,7 @@ spec:
- client_secret_post
- private_key_jwt
- none
description: Indication which authentication method shoud be used
for the token endpoint
description: Indication which authentication method shoud be used for the token endpoint
type: string
required:
- grantTypes
@ -169,17 +149,14 @@ spec:
description: OAuth2ClientStatus defines the observed state of OAuth2Client
properties:
observedGeneration:
description: ObservedGeneration represents the most recent generation
observed by the daemon set controller.
description: ObservedGeneration represents the most recent generation observed by the daemon set controller.
format: int64
type: integer
reconciliationError:
description: ReconciliationError represents an error that occurred
during the reconciliation process
description: ReconciliationError represents an error that occurred during the reconciliation process
properties:
description:
description: Description is the description of the reconciliation
error
description: Description is the description of the reconciliation error
type: string
statusCode:
description: Code is the status code of the reconciliation error
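Review bot: Three of the four values added to the `responseTypes` enum (`code token`, `id_token token`, `code id_token token`) join the existing `token` in allowing a client to be registered for flows where the authorization endpoint returns an access token directly, yet the item description still reads only "ResponseType represents an OAuth 2.0 response type strings". I would extend it so the trade-off is visible to whoever writes the manifest, for example `description: ResponseType is an OAuth 2.0 response type; values that include a bare "token" return an access token from the authorization endpoint (implicit or hybrid flow) and should be listed only for clients that need it`. `maxItems: 3` is unchanged context in the same block while the enum now has seven entries, so a manifest still cannot list more than three of them; it is worth confirming that cap is still intended given the commit title. The re-wrapped descriptions suggest this file is generated, so both adjustments probably belong in the source type's comment and validation markers rather than in this YAML.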