oauth2-proxy

History

Peter Triebe a301bcc174 feat: add trusted issuer prefix support for dynamic JWT verification Add a new --trusted-issuer-prefix flag that allows configuring issuer URL prefixes paired with audiences. Any JWT whose issuer starts with a configured prefix will be dynamically verified via OIDC discovery. This is useful for multi-tenant setups (e.g. Keycloak realms) where each tenant has a unique issuer URL under a common prefix, eliminating the need to enumerate every issuer individually. Signed-off-by: Peter Triebe <peter.triebe@de.bosch.com>	2026-05-22 16:06:12 +02:00
..
oidc	feat: add trusted issuer prefix support for dynamic JWT verification	2026-05-22 16:06:12 +02:00
util	feat: allow arbitrary claims from the IDToken and IdentityProvider UserInfo endpoint to be added to the session state (#2685 )	2026-03-14 12:04:33 +08:00

Peter Triebe a301bcc174 feat: add trusted issuer prefix support for dynamic JWT verification

Add a new --trusted-issuer-prefix flag that allows configuring issuer URL
prefixes paired with audiences. Any JWT whose issuer starts with a
configured prefix will be dynamically verified via OIDC discovery.

This is useful for multi-tenant setups (e.g. Keycloak realms) where each
tenant has a unique issuer URL under a common prefix, eliminating the need
to enumerate every issuer individually.

Signed-off-by: Peter Triebe <peter.triebe@de.bosch.com>

2026-05-22 16:06:12 +02:00

oidc

feat: add trusted issuer prefix support for dynamic JWT verification

2026-05-22 16:06:12 +02:00

util

feat: allow arbitrary claims from the IDToken and IdentityProvider UserInfo endpoint to be added to the session state (#2685 )

2026-03-14 12:04:33 +08:00