upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-05-23 18:35:51 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/plugin/pkg/auth/authenticator
History
Kubernetes Submit Queue 016133cf7d Merge pull request #36087 from ericchiang/plugin-auth-oidc-verify-email 
Automatic merge from submit-queue

oidc auth-n plugin: enforce email_verified claim

This change causes the OpenID Connect authenticator to start
enforcing the 'email_verified' claim.

https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

If the OIDC authenticator uses the 'email' claim as a user's username
and the 'email_verified' is not set to `true`, reject that authentication attempt.

cc @erictune @kubernetes/sig-auth @mlbiam

```release-note
When using OIDC authentication and specifying --oidc-username-claim=email, an `"email_verified":true` claim must be returned from the identity provider.
```
2017-01-04 00:50:31 -08:00
..
password autogenerated 2016-12-29 13:04:10 -08:00
request autogenerated 2016-12-29 13:04:10 -08:00
token Merge pull request #36087 from ericchiang/plugin-auth-oidc-verify-email 2017-01-04 00:50:31 -08:00
BUILD autoupdate BUILD files 2016-12-12 13:30:07 -08:00
doc.go Use Go canonical import paths 2016-07-16 13:48:21 -04:00