---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.2.9
  creationTimestamp: null
  name: oauth2clients.hydra.ory.sh
spec:
  group: hydra.ory.sh
  names:
    kind: OAuth2Client
    listKind: OAuth2ClientList
    plural: oauth2clients
    singular: oauth2client
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: OAuth2Client is the Schema for the oauth2clients API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: OAuth2ClientSpec defines the desired state of OAuth2Client
            properties:
              allowedCorsOrigins:
                description: AllowedCorsOrigins is an array of allowed CORS origins
                items:
                  description: RedirectURI represents a redirect URI for the client
                  pattern: \w+:/?/?[^\s]+
                  type: string
                type: array
              audience:
                description: Audience is a whitelist defining the audiences this
                  client is allowed to request tokens for
                items:
                  type: string
                type: array
              clientName:
                description: ClientName is the human-readable string name of the
                  client to be presented to the end-user during authorization.
                type: string
              grantTypes:
                description: GrantTypes is an array of grant types the client is
                  allowed to use.
                items:
                  description: GrantType represents an OAuth 2.0 grant type
                  enum:
                  - client_credentials
                  - authorization_code
                  - implicit
                  - refresh_token
                  type: string
                maxItems: 4
                minItems: 1
                type: array
              hydraAdmin:
                description: HydraAdmin is the optional configuration to use for
                  managing this client
                properties:
                  endpoint:
                    description: Endpoint is the endpoint for the hydra instance on
                      which to set up the client. This value will override the value
                      provided to `--endpoint` (defaults to `"/clients"` in the application)
                    pattern: (^$|^/.*)
                    type: string
                  forwardedProto:
                    description: ForwardedProto overrides the `--forwarded-proto`
                      flag. The value "off" will force this to be off even if `--forwarded-proto`
                      is specified
                    pattern: (^$|https?|off)
                    type: string
                  port:
                    description: Port is the port for the hydra instance on which
                      to set up the client. This value will override the value provided
                      to `--hydra-port`
                    maximum: 65535
                    type: integer
                  url:
                    description: URL is the URL for the hydra instance on which to
                      set up the client. This value will override the value provided
                      to `--hydra-url`
                    maxLength: 64
                    pattern: (^$|^https?://.*)
                    type: string
                type: object
              metadata:
                description: Metadata is arbitrary data
                format: byte
                type: string
              postLogoutRedirectUris:
                description: PostLogoutRedirectURIs is an array of the post logout
                  redirect URIs allowed for the application
                items:
                  description: RedirectURI represents a redirect URI for the client
                  pattern: \w+:/?/?[^\s]+
                  type: string
                type: array
              redirectUris:
                description: RedirectURIs is an array of the redirect URIs allowed
                  for the application
                items:
                  description: RedirectURI represents a redirect URI for the client
                  pattern: \w+:/?/?[^\s]+
                  type: string
                type: array
              responseTypes:
                description: ResponseTypes is an array of the OAuth 2.0 response
                  type strings that the client can use at the authorization endpoint.
                items:
                  description: ResponseType represents an OAuth 2.0 response type
                    strings
                  enum:
                  - id_token
                  - code
                  - token
                  type: string
                maxItems: 3
                minItems: 1
                type: array
              scope:
                description: Scope is a string containing a space-separated list
                  of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
                  that the client can use when requesting access tokens.
                pattern: ([a-zA-Z0-9\.\*]+\s?)+
                type: string
              secretName:
                description: SecretName points to the K8s secret that contains this
                  client's ID and password
                maxLength: 253
                minLength: 1
                pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
                type: string
              tokenEndpointAuthMethod:
                allOf:
                - enum:
                  - client_secret_basic
                  - client_secret_post
                  - private_key_jwt
                  - none
                - enum:
                  - client_secret_basic
                  - client_secret_post
                  - private_key_jwt
                  - none
                description: Indication which authentication method should be used
                  for the token endpoint
                type: string
            required:
            - grantTypes
            - scope
            - secretName
            type: object
          status:
            description: OAuth2ClientStatus defines the observed state of OAuth2Client
            properties:
              observedGeneration:
                description: ObservedGeneration represents the most recent generation
                  observed by the daemon set controller.
                format: int64
                type: integer
              reconciliationError:
                description: ReconciliationError represents an error that occurred
                  during the reconciliation process
                properties:
                  description:
                    description: Description is the description of the reconciliation
                      error
                    type: string
                  statusCode:
                    description: Code is the status code of the reconciliation error
                    type: string
                type: object
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []