Tetrate Service Bridge, Version: next

tsb.tetrate.io/v2

OIDC

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| apiVersion | string | tsb.tetrate.io/v2 | true |
| kind | string | OIDC | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | OIDC represents an OpenID Connect (OIDC) configuration that can be used to authenticate users in Service Bridge. | false |
| status | object | | false |

OIDC.spec

OIDC represents an OpenID Connect (OIDC) configuration that can be used to authenticate users in Service Bridge.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| config | object | OIDC settings for the OIDC provider. | true |
| secret | string | Base64 encoded client secret for the OIDC provider. | true |
| configGenerationMetadata | object | Default metadata values that will be propagated to the children Istio generated configurations. | false |
| deletionProtectionEnabled | boolean | When set, prevents the resource from being deleted. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |

OIDC.spec.config

OIDC settings for the OIDC provider.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| clientId | string | The client ID from the OIDC provider's application configuration settings. | true |
| providerConfig | object | OIDC provider configuration. | true |
| redirectUri | string | The public URI where TSB is accessed. | true |
| authorizationParams | map[string]string | Optional parameters that will be included in the authorization request to the authorization endpoint. | false |
| maxExpirationSeconds | integer | Optional max expiration time of issued tokens. Format: int32 | false |
| offlineAccessConfig | object | Optional OIDC settings specific to offline access. | false |
| scopes | []string | Scopes passed to the OIDC provider in the Authentication Request. | false |

OIDC.spec.config.providerConfig

OIDC provider configuration.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| dynamic | object | | false |
| static | object | | false |

OIDC.spec.config.providerConfig.dynamic

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| configurationUri | string | OIDC provider's well-known OIDC configuration URI. | true |

OIDC.spec.config.providerConfig.static

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| authorizationEndpoint | string | The Authorization Endpoint for the OIDC provider. | true |
| tokenEndpoint | string | The Token Endpoint for the OIDC provider. | true |
| deviceCodeEndpoint | string | The Device Code endpoint for the OIDC provider. | false |
| introspectionEndpoint | string | The Introspection endpoint for the OIDC provider. | false |
| jwks | string | JSON string with the OIDC provider's JSON Web Key Sets. | false |
| jwksUri | string | URI for the OIDC provider's JSON Web Key Sets. | false |

OIDC.spec.config.offlineAccessConfig

Optional OIDC settings specific to offline access.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| deviceCodeAuth | object | OIDC settings for Device Code Authorization grant used with offline access. | false |
| tokenExchange | object | OIDC settings for Token Exchange grant used with offline access. | false |

OIDC.spec.config.offlineAccessConfig.deviceCodeAuth

OIDC settings for Device Code Authorization grant used with offline access.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| clientId | string | The client ID from the OIDC provider's application configuration settings. | false |
| providerConfig | object | OIDC provider configuration. | false |
| scopes | []string | Scopes passed to the OIDC provider in the Device Code request. Required scope 'openid' is included by default; any additional scopes will be appended in the Device Code Authorization request. | false |
| skipClientIdCheck | boolean | Instructs JWT validation to ignore the 'aud' claim. | false |

OIDC.spec.config.offlineAccessConfig.deviceCodeAuth.providerConfig

OIDC provider configuration.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| dynamic | object | | false |
| static | object | | false |

OIDC.spec.config.offlineAccessConfig.deviceCodeAuth.providerConfig.dynamic

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| configurationUri | string | OIDC provider's well-known OIDC configuration URI. | true |

OIDC.spec.config.offlineAccessConfig.deviceCodeAuth.providerConfig.static

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| authorizationEndpoint | string | The Authorization Endpoint for the OIDC provider. | true |
| tokenEndpoint | string | The Token Endpoint for the OIDC provider. | true |
| deviceCodeEndpoint | string | The Device Code endpoint for the OIDC provider. | false |
| introspectionEndpoint | string | The Introspection endpoint for the OIDC provider. | false |
| jwks | string | JSON string with the OIDC provider's JSON Web Key Sets. | false |
| jwksUri | string | URI for the OIDC provider's JSON Web Key Sets. | false |

OIDC.spec.config.offlineAccessConfig.tokenExchange

OIDC settings for Token Exchange grant used with offline access.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| clientId | string | The client ID from the OIDC provider's application configuration settings. | false |
| providerConfig | object | OIDC provider configuration. | false |
| scopes | []string | Scopes passed to the OIDC provider in the Device Code request. Required scope 'openid' is included by default; any additional scopes will be appended in the Device Code Authorization request. | false |
| skipClientIdCheck | boolean | Instructs JWT validation to ignore the 'aud' claim. | false |
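
An added example, not part of the Tetrate documentation: a pre-apply check over an OIDC.spec that reports `skipClientIdCheck` under `deviceCodeAuth` and `tokenExchange`, a `secret` that is not Base64, and non-https URIs in `redirectUri` or any `providerConfig`. The function names, finding strings and sample values are assumptions made for illustration, and treating plain http as a finding is this example's own policy rather than a rule stated in the reference.

```python
import base64
from urllib.parse import urlparse

# URI-valued providerConfig fields documented on this page.
URI_FIELDS = ("configurationUri", "authorizationEndpoint", "tokenEndpoint",
              "deviceCodeEndpoint", "introspectionEndpoint", "jwksUri")

def _check_provider(path, provider, findings):
    """Flag providerConfig URIs (dynamic or static) that are not https."""
    for mode in ("dynamic", "static"):
        for field, value in (provider.get(mode) or {}).items():
            if field in URI_FIELDS and urlparse(value).scheme != "https":
                findings.append(f"{path}.{mode}.{field}: not https")

def audit_oidc_spec(spec):
    """Hypothetical helper: list risky settings in an OIDC.spec dict."""
    findings = []
    try:
        if not base64.b64decode(spec.get("secret", ""), validate=True):
            findings.append("secret: missing or empty")
    except ValueError:  # binascii.Error is a subclass of ValueError
        findings.append("secret: not valid base64")
    config = spec.get("config") or {}
    if urlparse(config.get("redirectUri", "")).scheme != "https":
        findings.append("config.redirectUri: not https")
    _check_provider("config.providerConfig", config.get("providerConfig") or {}, findings)
    offline = config.get("offlineAccessConfig") or {}
    for grant in ("deviceCodeAuth", "tokenExchange"):
        section = offline.get(grant) or {}
        base = f"config.offlineAccessConfig.{grant}"
        if section.get("skipClientIdCheck"):
            findings.append(f"{base}.skipClientIdCheck: 'aud' claim is ignored")
        _check_provider(f"{base}.providerConfig", section.get("providerConfig") or {}, findings)
    return findings

IDP = "https://idp.example.com"  # constructed placeholder host
SAMPLE_SPEC = {  # constructed sample; every value is a placeholder
    "secret": base64.b64encode(b"placeholder-secret").decode(),
    "config": {
        "clientId": "tsb-example",
        "redirectUri": "https://tsb.example.com",
        "providerConfig": {"dynamic": {"configurationUri": IDP + "/.well-known/openid-configuration"}},
        "offlineAccessConfig": {"tokenExchange": {
            "skipClientIdCheck": True,  # flagged: 'aud' is not validated
            "providerConfig": {"static": {
                "authorizationEndpoint": IDP + "/authorize",
                "tokenEndpoint": IDP + "/token",
                "jwksUri": "http://idp.example.com/jwks"}}}},  # flagged: plain http
    },
}
```

With `skipClientIdCheck` left unset, the audience check stays in place, so a token the provider issued for a different client ID is not accepted on the strength of its signature alone.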

OIDC.spec.config.offlineAccessConfig.tokenExchange.providerConfig

OIDC provider configuration.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| dynamic | object | | false |
| static | object | | false |

OIDC.spec.config.offlineAccessConfig.tokenExchange.providerConfig.dynamic

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| configurationUri | string | OIDC provider's well-known OIDC configuration URI. | true |

OIDC.spec.config.offlineAccessConfig.tokenExchange.providerConfig.static

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| authorizationEndpoint | string | The Authorization Endpoint for the OIDC provider. | true |
| tokenEndpoint | string | The Token Endpoint for the OIDC provider. | true |
| deviceCodeEndpoint | string | The Device Code endpoint for the OIDC provider. | false |
| introspectionEndpoint | string | The Introspection endpoint for the OIDC provider. | false |
| jwks | string | JSON string with the OIDC provider's JSON Web Key Sets. | false |
| jwksUri | string | URI for the OIDC provider's JSON Web Key Sets. | false |

OIDC.spec.configGenerationMetadata

Default metadata values that will be propagated to the children Istio generated configurations.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| annotations | map[string]string | Set of key-value pairs that will be added into the metadata.annotations field of the Istio generated configurations. | false |
| labels | map[string]string | Set of key-value pairs that will be added into the metadata.labels field of the Istio generated configurations. | false |