Posted to commits@couchdb.apache.org by ro...@apache.org on 2022/10/31 13:20:33 UTC
[couchdb] 01/01: Backport missing `roles_claim_name` to 3.2.2-docs
This is an automated email from the ASF dual-hosted git repository.
ronny pushed a commit to branch backport-missing-roles_claim_name
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit aa867804f4e92a7aadc1068c59d4fa91d098ba6b
Author: Ronny Berndt <ro...@apache.org>
AuthorDate: Mon Oct 31 14:20:17 2022 +0100
Backport missing `roles_claim_name` to 3.2.2-docs
---
src/docs/src/config/auth.rst | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/src/docs/src/config/auth.rst b/src/docs/src/config/auth.rst
index 70ec276e5..da21b5827 100644
--- a/src/docs/src/config/auth.rst
+++ b/src/docs/src/config/auth.rst
@@ -366,3 +366,31 @@ Authentication Configuration
[jwt_auth]
required_claims = exp,iat
+
+.. config:option:: roles_claim_name :: Optional CouchDB roles claim in JWT token
+
+ If presented, as a JSON array of strings, it is used as the CouchDB user's roles
+ list as long as the JWT token is valid. The default value for ``roles_claim_name``
+ is ``_couchdb.roles``.
+
+ .. note::
+ Values for ``roles_claim_name`` can only be top-level attributes in the JWT
+ token.
+
+ Let's assume, we have the following configuration:
+
+ .. code-block:: ini
+
+ [jwt_auth]
+ roles_claim_name = my-couchdb.roles
+
+ CouchDB will search for the attribute ``my-couchdb.roles`` in the JWT token.
+
+ .. code-block:: json
+
+ {
+ "my-couchdb.roles": [
+ "role_1",
+ "role_2"
+ ]
+ }
\ No newline at end of file