apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oauth2clients.hydra.ory.sh
  annotations:
    controller-gen.kubebuilder.io/version: v0.2.9
spec:
  group: hydra.ory.sh
  names:
    kind: OAuth2Client
    listKind: OAuth2ClientList
    plural: oauth2clients
    singular: oauth2client
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          type: object
          description: OAuth2Client is the Schema for the oauth2clients API
          properties:
            apiVersion:
              type: string
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            kind:
              type: string
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            metadata:
              type: object
            spec:
              type: object
              description: OAuth2ClientSpec defines the desired state of OAuth2Client
              properties:
                metadata:
                  type: object
                  description: Metadata is arbitrary data
                  nullable: true
                  x-kubernetes-preserve-unknown-fields: true
                allowedCorsOrigins:
                  type: array
                  description: AllowedCorsOrigins is an array of allowed CORS origins
                  items:
                    type: string
                    description: RedirectURI represents a redirect URI for the client
                    pattern: \w+:/?/?[^\s]+
                audience:
                  type: array
                  description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
                  items:
                    type: string
                clientName:
                  type: string
                  description: ClientName is the human-readable string name of the client to be presented to the end-user during authorization.
                grantTypes:
                  type: array
                  description: GrantTypes is an array of grant types the client is allowed to use.
                  items:
                    type: string
                    description: GrantType represents an OAuth 2.0 grant type
                    enum:
                      - client_credentials
                      - authorization_code
                      - implicit
                      - refresh_token
                  maxItems: 4
                  minItems: 1
                hydraAdmin:
                  type: object
                  description: HydraAdmin is the optional configuration to use for managing this client
                  properties:
                    port:
                      type: integer
                      description: Port is the port for the hydra instance on which to set up the client. This value will override the value provided to `--hydra-port`
                      maximum: 65535
                    endpoint:
                      type: string
                      description: Endpoint is the endpoint for the hydra instance on which to set up the client. This value will override the value provided to `--endpoint` (defaults to `"/clients"` in the application)
                      pattern: (^$|^/.*)
                    forwardedProto:
                      type: string
                      description: ForwardedProto overrides the `--forwarded-proto` flag. The value "off" will force this to be off even if `--forwarded-proto` is specified
                      pattern: (^$|https?|off)
                    url:
                      type: string
                      description: URL is the URL for the hydra instance on which to set up the client. This value will override the value provided to `--hydra-url`
                      maxLength: 64
                      pattern: (^$|^https?://.*)
                postLogoutRedirectUris:
                  type: array
                  description: PostLogoutRedirectURIs is an array of the post logout redirect URIs allowed for the application
                  items:
                    type: string
                    description: RedirectURI represents a redirect URI for the client
                    pattern: \w+:/?/?[^\s]+
                redirectUris:
                  type: array
                  description: RedirectURIs is an array of the redirect URIs allowed for the application
                  items:
                    type: string
                    description: RedirectURI represents a redirect URI for the client
                    pattern: \w+:/?/?[^\s]+
                responseTypes:
                  type: array
                  description: ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.
                  items:
                    type: string
                    description: ResponseType represents an OAuth 2.0 response type string
                    enum:
                      - id_token
                      - code
                      - token
                  maxItems: 3
                  minItems: 1
                scope:
                  type: string
                  description: Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
                  pattern: ([a-zA-Z0-9\.\*]+\s?)+
                secretName:
                  type: string
                  description: SecretName points to the K8s secret that contains this client's ID and password
                  maxLength: 253
                  minLength: 1
                  pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
                tokenEndpointAuthMethod:
                  type: string
                  allOf:
                    - enum:
                        - client_secret_basic
                        - client_secret_post
                        - private_key_jwt
                        - none
                    - enum:
                        - client_secret_basic
                        - client_secret_post
                        - private_key_jwt
                        - none
                  description: Indication which authentication method should be used for the token endpoint
              required:
                - grantTypes
                - scope
                - secretName
            status:
              type: object
              description: OAuth2ClientStatus defines the observed state of OAuth2Client
              properties:
                observedGeneration:
                  type: integer
                  description: ObservedGeneration represents the most recent generation observed by the daemon set controller.
                  format: int64
                reconciliationError:
                  type: object
                  description: ReconciliationError represents an error that occurred during the reconciliation process
                  properties:
                    description:
                      type: string
                      description: Description is the description of the reconciliation error
                    statusCode:
                      type: string
                      description: Code is the status code of the reconciliation error
      served: true
      storage: true
      subresources:
        status: {}