torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

vault: request groups scope in OIDC roles
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Torjus Håkestad
2026-02-09 19:39:10 +01:00
parent 4b1b91aeb0
commit addb8a83e6
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
terraform/vault/oidc.tf
View File

@@ -26,6 +26,7 @@ resource "vault_jwt_auth_backend_role" "admin" {
groups_claim = "groups" groups_claim = "groups"
bound_claims = { groups = "admins" } bound_claims = { groups = "admins" }
role_type = "oidc" role_type = "oidc"
oidc_scopes = ["openid", "profile", "email", "groups"]
allowed_redirect_uris = [ allowed_redirect_uris = [
"https://vault.home.2rjus.net:8200/ui/vault/auth/oidc/oidc/callback", "https://vault.home.2rjus.net:8200/ui/vault/auth/oidc/oidc/callback",
@@ -41,6 +42,7 @@ resource "vault_jwt_auth_backend_role" "default" {
user_claim = "preferred_username" user_claim = "preferred_username"
groups_claim = "groups" groups_claim = "groups"
role_type = "oidc" role_type = "oidc"
oidc_scopes = ["openid", "profile", "email", "groups"]
allowed_redirect_uris = [ allowed_redirect_uris = [
"https://vault.home.2rjus.net:8200/ui/vault/auth/oidc/oidc/callback", "https://vault.home.2rjus.net:8200/ui/vault/auth/oidc/oidc/callback",