diff --git a/api/v1alpha1/oauth2client_types.go b/api/v1alpha1/oauth2client_types.go
index 765c087..5734596 100644
--- a/api/v1alpha1/oauth2client_types.go
+++ b/api/v1alpha1/oauth2client_types.go
@@ -116,6 +116,12 @@ type OAuth2ClientSpec struct {
 //
 // Metadata is abritrary data
 Metadata apiextensionsv1.JSON `json:"metadata,omitempty"`
+
+ // +kubebuilder:validation:type=string
+ // +kubebuilder:validation:Pattern=`(^$|^https?://.*)`
+ //
+ // JwksUri Define the URL where the JSON Web Key Set should be fetched from when performing the private_key_jwt client authentication method.
+ JwksUri string `json:"jwksUri,omitempty"`
 }
 
 // +kubebuilder:validation:Enum=client_credentials;authorization_code;implicit;refresh_token
diff --git a/config/crd/bases/hydra.ory.sh_oauth2clients.yaml b/config/crd/bases/hydra.ory.sh_oauth2clients.yaml
index d9be6f9..91bae05 100644
--- a/config/crd/bases/hydra.ory.sh_oauth2clients.yaml
+++ b/config/crd/bases/hydra.ory.sh_oauth2clients.yaml
@@ -114,6 +114,13 @@ spec:
 pattern: (^$|^https?://.*)
 type: string
 type: object
+ jwksUri:
+ description:
+ Define the URL where the JSON Web Key Set should be fetched
+ from when performing the private_key_jwt client
+ authentication method.
+ pattern: (^$|^https?://.*)
+ type: string
 metadata:
 description: Metadata is abritrary data
 nullable: true
diff --git a/hydra/types.go b/hydra/types.go
index d52d6df..bb8cb4a 100644
--- a/hydra/types.go
+++ b/hydra/types.go
@@ -28,6 +28,7 @@ type OAuth2ClientJSON struct {
 Owner string `json:"owner"`
 TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`
 Metadata json.RawMessage `json:"metadata,omitempty"`
+ JwksUri string `json:"jwks_uri,omitempty"`
 }
 
 // Oauth2ClientCredentials represents client ID and password fetched from a
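Review bot: The `Pattern` marker added above `JwksUri` in `OAuth2ClientSpec` accepts `http://` as well as `https://`, so the key set that anchors private_key_jwt client authentication can be configured for retrieval over cleartext, where anyone on the network path can substitute the keys. The same regex appears on an existing field in the CRD context lines, but this field locates key material, so I would tighten it to `(^$|^https://.*)` and regenerate config/crd/bases/hydra.ory.sh_oauth2clients.yaml, whose new `jwksUri` pattern repeats the expression. The URL is presumably fetched server-side by Hydra, so the field comment should also say that whoever may create OAuth2Client resources chooses that fetch target and that restrictions on internal addresses must be enforced on the Hydra side. The struct begins outside the hunk.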
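Review bot: None of the visible hunks assigns `Spec.JwksUri` to the new `OAuth2ClientJSON.JwksUri` field in hydra/types.go, so unless the spec-to-JSON conversion is updated elsewhere in the commit, `jwks_uri` never reaches Hydra and the CRD field is silently ignored. An operator would then believe private_key_jwt is configured while the client is registered without a key source. I would add the assignment in the conversion together with a test asserting that `jwks_uri` appears in the marshalled payload when the spec sets it. The struct begins outside the hunk.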