[GitHub] [nifi] Lehel44 commented on a diff in pull request #6802: NIFI-11004 Add documentation for OIDC groups claim property

[GitBox <gi...@apache.org>]

Lehel44 commented on code in PR #6802:
URL: https://github.com/apache/nifi/pull/6802#discussion_r1056363577


##########
nifi-docs/src/main/asciidoc/administration-guide.adoc:
##########
@@ -503,6 +503,9 @@ JSON Web Key (JWK) provided through the jwks_uri in the metadata found at the di
 |`nifi.security.user.oidc.additional.scopes` | Comma separated scopes that are sent to OpenId Connect Provider in addition to `openid` and `email`.
 |`nifi.security.user.oidc.claim.identifying.user` | Claim that identifies the user to be logged in; default is `email`. May need to be requested via the `nifi.security.user.oidc.additional.scopes` before usage.
 |`nifi.security.user.oidc.fallback.claims.identifying.user` | Comma separated possible fallback claims used to identify the user in case `nifi.security.user.oidc.claim.identifying.user` claim is not present for the login user.
+|`nifi.security.user.oidc.claim.groups` | Name of the ID token claim that contains an array of group names of which the
+user is a member. Application groups must be supplied from a User Group Provider with matching names in order for the
+authorization process to use ID token claim groups. The default value is `groups`.

Review Comment:
   ```suggestion
   user is a member. Application groups must be supplied by a User Group Provider with matching names for the
   authorization process to use ID token claim groups. The default value is `groups`.
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org