## Reporting a Vulnerability

All security bugs in [minio/minio](https://github,com/minio/minio) (or other minio/* repositories)
should be reported by email to ******@****.***. Your email will be acknowledged within 48 hours,
and you'll receive a more detailed response to your email within 72 hours indicating the next steps
in handling your report.

Please, provide a detailed explanation of the issue. In particular, outline the type of the security

  - storage
  - object-storage
  - s3
  - cluster
home: https://min.io
icon: https://min.io/resources/img/logo/MINIO_wordmark.png
sources:
- https://github.com/minio/minio
maintainers:
- name: MinIO, Inc

			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         Scopes,
			Description: `Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"` + defaultHelpPostfix(Scopes),
			Optional:    true,
			Type:        "csv",
		},
		config.HelpKV{
			Key:         Vendor,

- `jwt:name`
- `jwt:groups`
- `jwt:given_name`
- `jwt:family_name`
- `jwt:middle_name`
- `jwt:nickname`
- `jwt:preferred_username`
- `jwt:profile`
- `jwt:picture`
- `jwt:website`
- `jwt:email`
- `jwt:gender`
- `jwt:birthdate`
- `jwt:phone_number`
- `jwt:address`
- `jwt:scope`
- `jwt:client_id`

Fixes that are allowed a backport must satisfy any of the following criteria's:

- A fix must not be a feature, for example.

```
commit faf013ec84051b92ae0f420a658b8d35bb7bb000
Author: Klaus Post <klauspost@gmail.com>
Date:   Thu Nov 18 12:15:22 2021 -0800

    Improve performance on multiple versions (#13573)
```

- A fix must be a valid fix that was reproduced and seen in a customer environment, for example.

```

```

### Run the `web-identity.go`

```
~ go run web-identity.go -cid example-app -csec ZXhhbXBsZS1hcHAtc2VjcmV0 \
     -config-ep http://127.0.0.1:5556/dex/.well-known/openid-configuration \
     -cscopes groups,openid,email,profile
```

```
~ mc admin policy create admin allaccess.json
```

Contents of `allaccess.json`

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",

# duplicates that aren't also email duplicates): scan the output of:
#   git log --format='%aE - %aN' | sort -uf
#
# For explanation on this file format: man git-shortlog

Anand Babu (AB) Periasamy <******@****.***> Anand Babu (AB) Periasamy <******@****.***>
Anand Babu (AB) Periasamy <******@****.***> <******@****.***>
Anis Elleuch <vadmeste@gmail.com>
Frederick F. Kautz IV <******@****.***> <******@****.***>

claim_prefix  (string)    JWT claim namespace prefix e.g. "customer1/"
scopes        (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"
comment       (sentence)  optionally add a comment to this setting
```

and ENV based options

```
mc admin config set myminio/ identity_openid --env

KEY:
identity_openid  enable OpenID SSO support

# A static list of passwords to login the end user. By identifying here, dex
# won't look in its underlying storage for passwords.
#
# If this option isn't chosen users may be added through the gRPC API.
staticPasswords:
  - email: "******@****.***"
    # bcrypt hash of the string "password"
    hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
    username: "admin"

This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.