mirrors/prometheus
1
0
Fork 0
mirror of https://github.com/prometheus/prometheus.git synced 2026-05-04 20:06:12 +02:00
Code Issues Projects Releases Wiki Activity

chore: Update docs to reflect new oauth parameters

Browse Source 
Signed-off-by: Jorge Turrado <jorge.turrado@mail.schwarz>
This commit is contained in:
Jorge Turrado Ferrero 2025-12-02 22:45:57 +01:00 committed by Jorge Turrado
parent 93edf912a7
commit e69806289a
1 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
docs/configuration/configuration.md
View File

@ -761,16 +761,56 @@ A `tls_config` allows configuring TLS connections.
OAuth 2.0 authentication using the client credentials or password grant type.
Prometheus fetches an access token from the specified endpoint with
the given client access and secret keys.
the given client access and credentials.
```yaml
client_id: <string>
# OAuth2 grant type to use. It can be one of
# "client_credentials" or "urn:ietf:params:oauth:grant-type:jwt-bearer" (RFC 7523).
# Default value is "client_credentials"
[ grant_type: <string> ]
# Client secret to provide to authorization server. Only used if
# GrantType is set empty or set to "client_credentials".
[ client_secret: <secret> ]
# Read the client secret from a file.
# It is mutually exclusive with `client_secret`.
[ client_secret_file: <filename> ]
# RSA key to sign JWT with. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
[ client_certificate_key: <secret> ]
# Read the RSA key from a file.
# It is mutually exclusive with `client_certificate_key`.
[ client_certificate_key_file: <filename> ]
# JWT kid value to include in the JWT header. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
[ client_certificate_key_id: <string> ]
# RSA algorithm used to sign JWT token. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
# Default value is RS256 and valid values RS256, RS384, RS512
[ signature_algorithm: <string> ]
# OAuth client identifier used when communicating with
# the configured OAuth provider. Default value is client_id. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
[ iss: <string> ]
# Intended audience of the request. If empty, the value
# of TokenURL is used as the intended audience. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
[ audience: <string> ]
# Map of claims to be added to the JWT token. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
claims:
[ <string>: <string> ... ]
# Scopes for the token request.
scopes:
[ - <string> ... ]