---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.9
creationTimestamp: null
name: oauth2clients.hydra.ory.sh
spec:
group: hydra.ory.sh
names:
kind: OAuth2Client
listKind: OAuth2ClientList
plural: oauth2clients
singular: oauth2client
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: OAuth2Client is the Schema for the oauth2clients API
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the
latest internal value, and may reject unrecognized values. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
type: string
metadata:
type: object
spec:
description:
OAuth2ClientSpec defines the desired state of OAuth2Client
properties:
allowedCorsOrigins:
description:
AllowedCorsOrigins is an array of allowed CORS origins
items:
description:
RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
type: array
audience:
description:
Audience is a whitelist defining the audiences this client
is allowed to request tokens for
items:
type: string
type: array
clientName:
description:
ClientName is the human-readable string name of the client
to be presented to the end-user during authorization.
type: string
grantTypes:
description:
GrantTypes is an array of grant types the client is allowed
to use.
items:
description: GrantType represents an OAuth 2.0 grant type
enum:
- client_credentials
- authorization_code
- implicit
- refresh_token
type: string
maxItems: 4
minItems: 1
type: array
hydraAdmin:
description:
HydraAdmin is the optional configuration to use for managing
this client
properties:
endpoint:
description:
Endpoint is the endpoint for the hydra instance on which
to set up the client. This value will override the value
provided to `--endpoint` (defaults to `"/clients"` in
the application)
pattern: (^$|^/.*)
type: string
forwardedProto:
description:
ForwardedProto overrides the `--forwarded-proto` flag.
The value "off" will force this to be off even if
`--forwarded-proto` is specified
pattern: (^$|https?|off)
type: string
port:
description:
Port is the port for the hydra instance on which to set
up the client. This value will override the value
provided to `--hydra-port`
maximum: 65535
type: integer
url:
description:
URL is the URL for the hydra instance on which to set up
the client. This value will override the value provided
to `--hydra-url`
maxLength: 64
pattern: (^$|^https?://.*)
type: string
type: object
metadata:
description: Metadata is abritrary data
nullable: true
type: object
x-kubernetes-preserve-unknown-fields: true
postLogoutRedirectUris:
description:
PostLogoutRedirectURIs is an array of the post logout
redirect URIs allowed for the application
items:
description:
RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
type: array
redirectUris:
description:
RedirectURIs is an array of the redirect URIs allowed for
the application
items:
description:
RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
type: array
responseTypes:
description:
ResponseTypes is an array of the OAuth 2.0 response type
strings that the client can use at the authorization
endpoint.
items:
description:
ResponseType represents an OAuth 2.0 response type strings
enum:
- id_token
- code
- token
- code token
- code id_token
- id_token token
- code id_token token
type: string
maxItems: 3
minItems: 1
type: array
scope:
description:
Scope is a string containing a space-separated list of scope
values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
that the client can use when requesting access tokens.
pattern: ([a-zA-Z0-9\.\*]+\s?)+
type: string
secretName:
description:
SecretName points to the K8s secret that contains this
client's ID and password
maxLength: 253
minLength: 1
pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
type: string
tokenEndpointAuthMethod:
allOf:
- enum:
- client_secret_basic
- client_secret_post
- private_key_jwt
- none
- enum:
- client_secret_basic
- client_secret_post
- private_key_jwt
- none
description:
Indication which authentication method shoud be used for the
token endpoint
type: string
required:
- grantTypes
- scope
- secretName
type: object
status:
description:
OAuth2ClientStatus defines the observed state of OAuth2Client
properties:
observedGeneration:
description:
ObservedGeneration represents the most recent generation
observed by the daemon set controller.
format: int64
type: integer
reconciliationError:
description:
ReconciliationError represents an error that occurred during
the reconciliation process
properties:
description:
description:
Description is the description of the reconciliation
error
type: string
statusCode:
description:
Code is the status code of the reconciliation error
type: string
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []