Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 334 for audiences (0.22 sec)

  2. github.com/istio/istio

    common-protos/k8s.io/api/authentication/v1/generated.proto 

      optional UserInfo user = 2;

  // Audiences are audience identifiers chosen by the authenticator that are
  // compatible with both the TokenReview and token. An identifier is any
  // identifier in the intersection of the TokenReviewSpec audiences and the
  // token's audiences. A client of the TokenReview API that sets the
  // spec.audiences field should validate that a compatible audience identifier
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Mar 11 18:43:24 UTC 2024
    - 6.7K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    staging/src/k8s.io/api/authentication/v1/types.go 

    	// Audiences are audience identifiers chosen by the authenticator that are
	// compatible with both the TokenReview and token. An identifier is any
	// identifier in the intersection of the TokenReviewSpec audiences and the
	// token's audiences. A client of the TokenReview API that sets the
	// spec.audiences field should validate that a compatible audience identifier
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu May 23 17:42:49 UTC 2024
    - 10K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc_test.go 

    				"username": "jane",
				"exp": %d
			}`, valid.Unix()),
			wantErr: `oidc: verify token: oidc: expected audience "my-client" got ["not-my-client"]`,
		},
		{
			// ID tokens may contain multiple audiences:
			// https://openid.net/specs/openid-connect-core-1_0.html#IDToken
			name: "multiple-audiences",
			options: Options{
				JWTAuthenticator: apiserver.JWTAuthenticator{
					Issuer: apiserver.Issuer{
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Apr 24 18:25:29 UTC 2024
    - 97.7K bytes
    - Viewed (0)
  5. github.com/istio/istio

    pilot/pkg/serviceregistry/kube/controller/ambient/testdata/allow-full-in.yaml 

          notValues: ["not-requestPrincipals", "not-requestPrincipals-prefix-*", "*-not-suffix-requestPrincipals", "*"]
  - when:
    - key: "request.auth.audiences"
      values: ["audiences", "audiences-prefix-*", "*-suffix-audiences", "*"]
      notValues: ["not-audiences", "not-audiences-prefix-*", "*-not-suffix-audiences", "*"]
  - when:
    - key: "request.auth.presenter"
      values: ["presenter", "presenter-prefix-*", "*-suffix-presenter", "*"]
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Feb 29 18:40:34 UTC 2024
    - 4K bytes
    - Viewed (0)
  6. github.com/istio/istio

    common-protos/k8s.io/api/authentication/v1beta1/generated.proto 

      optional UserInfo user = 2;

  // Audiences are audience identifiers chosen by the authenticator that are
  // compatible with both the TokenReview and token. An identifier is any
  // identifier in the intersection of the TokenReviewSpec audiences and the
  // token's audiences. A client of the TokenReview API that sets the
  // spec.audiences field should validate that a compatible audience identifier
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Mar 11 18:43:24 UTC 2024
    - 5.2K bytes
    - Viewed (0)
  7. github.com/kubernetes/kubernetes

    staging/src/k8s.io/api/authentication/v1/generated.proto 

      // identifier in the intersection of the TokenReviewSpec audiences and the
  // token's audiences. A client of the TokenReview API that sets the
  // spec.audiences field should validate that a compatible audience identifier
  // is returned in the status.audiences field to ensure that the TokenReview
  // server is audience aware. If a TokenReview returns an empty
  // status.audience field where status.authenticated is "true", the token is
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu Mar 28 15:34:11 UTC 2024
    - 7.7K bytes
    - Viewed (0)
  8. github.com/kubernetes/kubernetes

    staging/src/k8s.io/api/authentication/v1beta1/generated.proto 

      // identifier in the intersection of the TokenReviewSpec audiences and the
  // token's audiences. A client of the TokenReview API that sets the
  // spec.audiences field should validate that a compatible audience identifier
  // is returned in the status.audiences field to ensure that the TokenReview
  // server is audience aware. If a TokenReview returns an empty
  // status.audience field where status.authenticated is "true", the token is
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu Mar 28 15:34:11 UTC 2024
    - 5.3K bytes
    - Viewed (0)
  9. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go 

    func (v *idTokenVerifier) verifyAudience(t *oidc.IDToken) error {
	// We validate audience field is not empty in the authentication configuration.
	// This check ensures callers of "Verify" using idTokenVerifier are not passing
	// an empty audience.
	if v.audiences.Len() == 0 {
		return fmt.Errorf("oidc: invalid configuration, audiences cannot be empty")
	}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Sat Mar 09 19:29:33 UTC 2024
    - 37.9K bytes
    - Viewed (0)
  10. github.com/istio/istio

    tests/integration/security/testdata/authz/jwt.yaml.tmpl 

    # - Allow request with valid JWT token to access path /jwt1
# - Allow request with valid JWT token of presenter bar to access path with suffix "/presenter"
# - Allow request with valid JWT token of audiences foo to access path with suffix "/audiences"

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: {{ .To.ServiceName }}
spec:
  selector:
    matchLabels:
      "app": "{{ .To.ServiceName }}"
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed May 08 23:36:51 UTC 2024
    - 3K bytes
    - Viewed (0)
  11. github.com/istio/istio

    pilot/pkg/security/authz/builder/testdata/http/allow-full-rule-in.yaml 

              notValues: ["not-requestPrincipals", "not-requestPrincipals-prefix-*", "*-not-suffix-requestPrincipals", "*"]
        - key: "request.auth.audiences"
          values: ["audiences", "audiences-prefix-*", "*-suffix-audiences", "*"]
          notValues: ["not-audiences", "not-audiences-prefix-*", "*-not-suffix-audiences", "*"]
        - key: "request.auth.presenter"
          values: ["presenter", "presenter-prefix-*", "*-suffix-presenter", "*"]
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Sat Apr 20 01:58:53 UTC 2024
    - 4.1K bytes
    - Viewed (0)
Back to top