### OpenID (no "OpenID Connect") { #openid-not-openid-connect }

Hubo también una especificación "OpenID". Que intentaba resolver lo mismo que **OpenID Connect**, pero no estaba basada en OAuth2.

Entonces, era un sistema completo adicional.

No es muy popular o usado hoy en día.

## OpenAPI { #openapi }

OpenAPI (anteriormente conocido como Swagger) es la especificación abierta para construir APIs (ahora parte de la Linux Foundation).

labels.notification_advance_search=Advanced Search Page
labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL

	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio-go/v7/pkg/set"
	"github.com/minio/minio/internal/auth"
	"github.com/minio/minio/internal/config"
	"github.com/minio/minio/internal/config/identity/openid"
	"github.com/minio/minio/internal/jwt"
	"github.com/minio/pkg/v3/env"
	"github.com/minio/pkg/v3/policy"
	"github.com/minio/pkg/v3/sync/errgroup"
	"github.com/puzpuzpuz/xsync/v3"
	"golang.org/x/sync/singleflight"
)

) (value string, cs ValueSource, isRedacted bool) {
	// cs = ValueSourceAbsent initially as it is iota by default.

	// Initially only support OpenID
	if !resolvableSubsystems.Contains(subSys) {
		return value, cs, isRedacted
	}

	// Check if config param requested is valid.
	defKVS, ok := DefaultKVS[subSys]
	if !ok {

labels.notification_advance_search=Advanced Search Page
labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL

		Description:    "Policy name may not contain comma",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrAdminOpenIDNotEnabled: {
		Code:           "OpenIDNotEnabled",
		Description:    "No enabled OpenID Connect identity providers",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrPolicyTooLarge: {
		Code:           "PolicyTooLarge",
		Description:    "Policy exceeds the maximum allowed document size.",

* kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag. ([#58544](https://github.com/kubernetes/kubernetes/pull/58544), [@ericchiang](https://github.com/ericchiang))

		LDAPGroupSearchBase:    globalIAMSys.LDAPConfig.LDAP.GroupSearchBaseDistName,
		LDAPGroupSearchFilter:  globalIAMSys.LDAPConfig.LDAP.GroupSearchFilter,
	}
	s.OpenID = globalIAMSys.OpenIDConfig.GetSettings()
	if s.OpenID.Enabled {
		s.OpenID.Region = globalSite.Region()
	}
	return s
}

func (c *SiteReplicationSys) validateIDPSettings(ctx context.Context, peers []PeerSiteInfo) error {

* Laid the groundwork for OIDC distributed claims handling in the apiserver authentication token checker. A distributed claim allows the OIDC provider to delegate a claim to a separate URL. ([ref](http://openid.net/specs/openid-connect-core-1_0.html#AggregatedDistributedClaims)). ([#63213](https://github.com/kubernetes/kubernetes/pull/63213), [@filmil](https://github.com/filmil))

- The alpha feature `ServiceAccountIssuerDiscovery` enables publishing OIDC discovery information and service account token verification keys at `/.well-known/openid-configuration` and `/openid/v1/jwks` endpoints by API servers configured to issue service account tokens. ([#80724](https://github.com/kubernetes/kubernetes/pull/80724), [@cceckman](https://github.com/cceckman)) [SIG API Machinery, Auth, Cluster Lifecycle and Testing]...