"description":"TokenReviewSpec is a description of the token authentication request.",
"description":"TokenReviewSpec is a description of the token authentication request.",
"properties":{
"properties":{
"audiences":{
"description":"Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.",
"type":"array",
"items":{
"type":"string"
}
},
"token":{
"token":{
"description":"Token is the opaque bearer token.",
"description":"Token is the opaque bearer token.",
"description":"TokenReviewStatus is the result of the token authentication request.",
"description":"TokenReviewStatus is the result of the token authentication request.",
"properties":{
"properties":{
"audiences":{
"description":"Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.",
"type":"array",
"items":{
"type":"string"
}
},
"authenticated":{
"authenticated":{
"description":"Authenticated indicates that the token was associated with a known user.",
"description":"Authenticated indicates that the token was associated with a known user.",
"description":"TokenReviewSpec is a description of the token authentication request.",
"description":"TokenReviewSpec is a description of the token authentication request.",
"properties":{
"properties":{
"audiences":{
"description":"Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.",
"type":"array",
"items":{
"type":"string"
}
},
"token":{
"token":{
"description":"Token is the opaque bearer token.",
"description":"Token is the opaque bearer token.",
"description":"TokenReviewStatus is the result of the token authentication request.",
"description":"TokenReviewStatus is the result of the token authentication request.",
"properties":{
"properties":{
"audiences":{
"description":"Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.",
"type":"array",
"items":{
"type":"string"
}
},
"authenticated":{
"authenticated":{
"description":"Authenticated indicates that the token was associated with a known user.",
"description":"Authenticated indicates that the token was associated with a known user.",
"description":"Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver."
}
}
}
}
},
},
...
@@ -410,6 +417,13 @@
...
@@ -410,6 +417,13 @@
"$ref":"v1.UserInfo",
"$ref":"v1.UserInfo",
"description":"User is the UserInfo associated with the provided token."
"description":"User is the UserInfo associated with the provided token."
},
},
"audiences":{
"type":"array",
"items":{
"type":"string"
},
"description":"Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server."
},
"error":{
"error":{
"type":"string",
"type":"string",
"description":"Error indicates that the token couldn't be checked"
"description":"Error indicates that the token couldn't be checked"
"description":"Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver."
}
}
}
}
},
},
...
@@ -410,6 +417,13 @@
...
@@ -410,6 +417,13 @@
"$ref":"v1beta1.UserInfo",
"$ref":"v1beta1.UserInfo",
"description":"User is the UserInfo associated with the provided token."
"description":"User is the UserInfo associated with the provided token."
},
},
"audiences":{
"type":"array",
"items":{
"type":"string"
},
"description":"Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server."
},
"error":{
"error":{
"type":"string",
"type":"string",
"description":"Error indicates that the token couldn't be checked"
"description":"Error indicates that the token couldn't be checked"
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.</p></td>
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token’s audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is "true", the token is valid against the audience of the Kubernetes API server.</p></td>
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.</p></td>
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token’s audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is "true", the token is valid against the audience of the Kubernetes API server.</p></td>
"":"TokenReviewSpec is a description of the token authentication request.",
"":"TokenReviewSpec is a description of the token authentication request.",
"token":"Token is the opaque bearer token.",
"token":"Token is the opaque bearer token.",
"audiences":"Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.",
@@ -91,6 +92,7 @@ var map_TokenReviewStatus = map[string]string{
...
@@ -91,6 +92,7 @@ var map_TokenReviewStatus = map[string]string{
"":"TokenReviewStatus is the result of the token authentication request.",
"":"TokenReviewStatus is the result of the token authentication request.",
"authenticated":"Authenticated indicates that the token was associated with a known user.",
"authenticated":"Authenticated indicates that the token was associated with a known user.",
"user":"User is the UserInfo associated with the provided token.",
"user":"User is the UserInfo associated with the provided token.",
"audiences":"Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.",
"error":"Error indicates that the token couldn't be checked",
"error":"Error indicates that the token couldn't be checked",
"":"TokenReviewSpec is a description of the token authentication request.",
"":"TokenReviewSpec is a description of the token authentication request.",
"token":"Token is the opaque bearer token.",
"token":"Token is the opaque bearer token.",
"audiences":"Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.",
@@ -50,6 +51,7 @@ var map_TokenReviewStatus = map[string]string{
...
@@ -50,6 +51,7 @@ var map_TokenReviewStatus = map[string]string{
"":"TokenReviewStatus is the result of the token authentication request.",
"":"TokenReviewStatus is the result of the token authentication request.",
"authenticated":"Authenticated indicates that the token was associated with a known user.",
"authenticated":"Authenticated indicates that the token was associated with a known user.",
"user":"User is the UserInfo associated with the provided token.",
"user":"User is the UserInfo associated with the provided token.",
"audiences":"Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.",
"error":"Error indicates that the token couldn't be checked",
"error":"Error indicates that the token couldn't be checked",