author | Ronny Berndt <ronny@apache.org> | 2022-10-31 14:32:18 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-31 14:32:18 +0100 |
commit | aeb754de0c057cb80774e06a002d356e2ecbc98c (patch) | |
tree | 312fba2f3f73b20a6bd8a6218f09080420021ea1 | |
parent | 64ad2f0e175a709480be590098a018350a4641e9 (diff) | |
download | couchdb-aeb754de0c057cb80774e06a002d356e2ecbc98c.tar.gz |
Backport missing `roles_claim_name` to 3.2.2-docs (#4250)
Add missing configuration option to the 3.2.2 docs.
-rw-r--r-- | src/docs/src/config/auth.rst | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/docs/src/config/auth.rst b/src/docs/src/config/auth.rst index 70ec276e5..a72eb701d 100644 --- a/src/docs/src/config/auth.rst +++ b/src/docs/src/config/auth.rst @@ -366,3 +366,31 @@ Authentication Configuration [jwt_auth] required_claims = exp,iat + +.. config:option:: roles_claim_name :: Optional CouchDB roles claim in JWT token + + If presented, as a JSON array of strings, it is used as the CouchDB user's roles + list as long as the JWT token is valid. The default value for ``roles_claim_name`` + is ``_couchdb.roles``. + + .. note:: + Values for ``roles_claim_name`` can only be top-level attributes in the JWT + token. + + Let's assume, we have the following configuration: + + .. code-block:: ini + + [jwt_auth] + roles_claim_name = my-couchdb.roles + + CouchDB will search for the attribute ``my-couchdb.roles`` in the JWT token. + + .. code-block:: json + + { + "my-couchdb.roles": [ + "role_1", + "role_2" + ] + } |
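Review bot: The note in the new `roles_claim_name` entry says values "can only be top-level attributes in the JWT token", but both the default `_couchdb.roles` and the example `my-couchdb.roles` contain a dot, which readers may take for a nested path (`my-couchdb` -> `roles`). Only the JSON example shows that the dot is part of a single literal key, so I would say so in the note itself, for example "the dot is part of the attribute name and is not treated as a path separator". The entry also gives no behaviour for a token where the claim is missing or is not a JSON array of strings. Since this value becomes the user's roles list, it is worth documenting which roles the user ends up with in those cases. Minor wording: "If presented, as a JSON array of strings" reads better as "If present as a JSON array of strings", and "Let's assume, we have" should drop the comma.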