mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00

Update common-minio-oidc.rst

jwt:PreferredUsername -> jwt:preferred_username
Ravind Kumar
2024-01-23 10:17:11 -05:00
committed by GitHub
parent e7d76fd1db
commit 6f00040411


@ -81,7 +81,7 @@ Each variable corresponds to a claim returned as part of the authenticated user'
See the `OpenID Connect Core 1.0 <https://openid.net/specs/openid-connect-core-1_0.html>`__ document for more information on these scopes. See the `OpenID Connect Core 1.0 <https://openid.net/specs/openid-connect-core-1_0.html>`__ document for more information on these scopes.
Your OIDC provider of choice may have more specific documentation. Your OIDC provider of choice may have more specific documentation.
For example, the following policy uses variables to substitute the authenticated user's ``PreferredUsername`` as part of the ``Resource`` field such that the user can only access those prefixes which match their username: For example, the following policy uses variables to substitute the authenticated user's ``preferred_username`` as part of the ``Resource`` field such that the user can only access those prefixes which match their username:
.. code-block:: json .. code-block:: json
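Review bot: the reworded sentence just before the code block presents ``preferred_username`` as the value that confines each user to their own prefix, but OpenID Connect Core 1.0, which this paragraph links, says a relying party must not rely on that claim being unique, and the value can change over time. Suggest adding one sentence after it telling readers to use this pattern only when their identity provider enforces unique, immutable usernames, or to build the prefix from a stable identifier such as the ``sub`` claim if that is among the supported variables.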
@ -92,7 +92,7 @@ For example, the following policy uses variables to substitute the authenticated
"Action": ["s3:ListBucket"], "Action": ["s3:ListBucket"],
"Effect": "Allow", "Effect": "Allow",
"Resource": ["arn:aws:s3:::mybucket"], "Resource": ["arn:aws:s3:::mybucket"],
"Condition": {"StringLike": {"s3:prefix": ["${jwt:PreferredUsername}/*"]}} "Condition": {"StringLike": {"s3:prefix": ["${jwt:preferred_username}/*"]}}
}, },
{ {
"Action": [ "Action": [
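Review bot: the ``s3:prefix`` condition now reads ``${jwt:preferred_username}/*``, and nothing near the example explains how the variable name relates to the spelling of the claim in the token. Suggest a short note beside the policy covering that, so readers who copied the earlier ``${jwt:PreferredUsername}`` form know whether they need to update policies they have already deployed.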
@ -100,12 +100,12 @@ For example, the following policy uses variables to substitute the authenticated
"s3:PutObject" "s3:PutObject"
], ],
"Effect": "Allow", "Effect": "Allow",
"Resource": ["arn:aws:s3:::mybucket/${jwt:PreferredUsername}/*"] "Resource": ["arn:aws:s3:::mybucket/${jwt:preferred_username}/*"]
} }
] ]
} }
MinIO replaces the ``${jwt:PreferredUsername}`` variable in the ``Resource`` field with the value of the ``PreferredUsername`` in the JWT token. MinIO replaces the ``${jwt:preferred_username}`` variable in the ``Resource`` field with the value of the ``preferred_username`` in the JWT token.
MinIO then evaluates the policy and grants or revokes access to the requested API and resource. MinIO then evaluates the policy and grants or revokes access to the requested API and resource.
.. end-minio-oidc-policy-variables .. end-minio-oidc-policy-variables
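Review bot: the closing paragraph still says MinIO replaces the variable "in the ``Resource`` field", but the first statement of this policy also uses ``${jwt:preferred_username}`` inside ``Condition``, as the ``s3:prefix`` value. Suggest naming both fields in that sentence and stating what happens when the token carries no ``preferred_username`` claim. In the following sentence, "grants or revokes access" would read more accurately as "allows or denies the request", since policy evaluation decides a single request rather than revoking anything.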