diff options
| -rw-r--r-- | etc/envoy/envoy.yaml | 1 | ||||
| -rw-r--r-- | share/man/ENVOY.md | 12 |
2 files changed, 7 insertions, 6 deletions
diff --git a/etc/envoy/envoy.yaml b/etc/envoy/envoy.yaml index eb4901a..a6977d1 100644 --- a/etc/envoy/envoy.yaml +++ b/etc/envoy/envoy.yaml @@ -173,7 +173,6 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication providers: id_token_provider: - issuer: https://example.com audiences: - OAUTH_CLIENT_ID claim_to_headers: diff --git a/share/man/ENVOY.md b/share/man/ENVOY.md index 7ad8b64..4b5d765 100644 --- a/share/man/ENVOY.md +++ b/share/man/ENVOY.md @@ -775,9 +775,8 @@ and will immediately reject tokens that are invalid. audiences: - OAUTH_CLIENT_ID claim_to_headers: - - header_name: x-jwt-claim-sub - claim_name: sub - forward: true + - claim_name: sub + header_name: x-jwt-claim-sub forward_payload_header: x-jwt-payload from_cookies: - id_token @@ -787,9 +786,12 @@ and will immediately reject tokens that are invalid. uri: https://gitlab.com/oauth/discovery/keys rules: - match: - path: / + prefix: / requires: - provider_name: gitlab_provider + requires_any: + requirements: + - provider_name: gitlab_provider + - allow_missing: {} - name: envoy.filters.http.router # ... ``` |