17704: Check scope before accepting OIDC access tokens.
[arvados.git] / lib / config / export.go
index 3d0e27c7224f0c886643ef8be7f671ae8a1a2d74..cdefc0b08336139afec6ab00bb3f1ea83bf4f9ba 100644 (file)
@@ -69,6 +69,7 @@ var whitelist = map[string]bool{
        "API.MaxKeepBlobBuffers":                              false,
        "API.MaxRequestAmplification":                         false,
        "API.MaxRequestSize":                                  true,
+       "API.MaxTokenLifetime":                                false,
        "API.RequestTimeout":                                  true,
        "API.SendTimeout":                                     true,
        "API.WebsocketClientEventQueue":                       false,
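Review bot: The two new entries, `API.MaxTokenLifetime` in this hunk and `Login.OpenIDConnect.AcceptAccessTokenScope` in the later Login hunk, are both classified `false` with nothing recording why. If `false` means the key is withheld from the client-visible exported configuration, as the neighbouring `Login.OpenIDConnect.ClientSecret` entry suggests, that is the conservative choice for token-policy settings. A short trailing comment such as `// token policy: not exported to clients` would keep a later edit from flipping the value without a decision. It is also worth confirming that a key missing from this map fails closed rather than inheriting `true` from the parent `Login.OpenIDConnect` entry, since the export logic is not visible here. The `whitelist` literal starts and ends outside these hunks.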
@@ -129,7 +130,6 @@ var whitelist = map[string]bool{
        "Containers.SupportedDockerImageFormats":              true,
        "Containers.SupportedDockerImageFormats.*":            true,
        "Containers.UsePreemptibleInstances":                  true,
-       "ForceLegacyAPI14":                                    false,
        "Git":                                                 false,
        "InstanceTypes":                                       true,
        "InstanceTypes.*":                                     true,
@@ -157,6 +157,7 @@ var whitelist = map[string]bool{
        "Login.LDAP.UsernameAttribute":                        false,
        "Login.LoginCluster":                                  true,
        "Login.OpenIDConnect":                                 true,
+       "Login.OpenIDConnect.AcceptAccessTokenScope":          false,
        "Login.OpenIDConnect.AuthenticationRequestParameters": false,
        "Login.OpenIDConnect.ClientID":                        false,
        "Login.OpenIDConnect.ClientSecret":                    false,