flex-auth/examples/claims/service-account.yaml
tegwick aa8e3a4e34
Align IAM Profile consumption with v0.2
2026-05-22 14:35:30 +02:00

# Claim envelope for a hub-to-hub service account (client_credentials
# grant). Profile-required `service` role, scoped tightly to the
# operation it performs. No preferred_username (service identities are
# named after the service and environment per the profile).
#
# Reference: NetKingdom IAM Profile v0.2 "Service Account Flow".
iss: https://sso.netkingdom.example/realms/netkingdom
sub: svc-markitect-tool-prod
aud:
  - flex-auth
exp: 4102444800
iat: 1767225600
tenant: tenant:platform
principal_type: service
azp: svc-markitect-tool-prod
client_id: svc-markitect-tool-prod
scope: hub:read hub:capability
roles:
  - service
  - operator
groups: []
assurance:
  level: aal1
  methods:
    - client_secret
  mfa: false
  source: keycloak
  at: 1767225600
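
An added example, not part of the flex-auth repository: a Python check of the invariants the header comment states (the `service` role is present, no `preferred_username`) together with audience, validity window, scope, and the `sub`/`azp`/`client_id` agreement visible in this fixture. The function name, the rule set, the nesting of `assurance`, and the premise that the token's signature has already been verified are assumptions of this example, not text from the NetKingdom IAM Profile.

```python
import time

# Claim set transcribed from the fixture above (constructed as a dict; the
# nesting under `assurance` is an assumption about the file's indentation).
SERVICE_CLAIMS = {
    "iss": "https://sso.netkingdom.example/realms/netkingdom",
    "sub": "svc-markitect-tool-prod",
    "aud": ["flex-auth"],
    "exp": 4102444800,
    "iat": 1767225600,
    "tenant": "tenant:platform",
    "principal_type": "service",
    "azp": "svc-markitect-tool-prod",
    "client_id": "svc-markitect-tool-prod",
    "scope": "hub:read hub:capability",
    "roles": ["service", "operator"],
    "groups": [],
    "assurance": {"level": "aal1", "methods": ["client_secret"], "mfa": False,
                  "source": "keycloak", "at": 1767225600},
}


def check_service_claims(claims, audience, required_scopes, now=None):
    """Hypothetical helper: return a list of violations (empty means pass)."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("principal_type") != "service":
        problems.append("principal_type is not 'service'")
    if "service" not in claims.get("roles", []):
        problems.append("missing 'service' role")
    # Service identities are named after the service, never a human user.
    if "preferred_username" in claims:
        problems.append("service identity carries preferred_username")
    # For client_credentials the subject is the client itself.
    if not (claims.get("sub") == claims.get("azp") == claims.get("client_id")):
        problems.append("sub, azp and client_id disagree")
    aud = claims.get("aud", [])
    if audience not in ([aud] if isinstance(aud, str) else aud):
        problems.append("token not issued for this audience")
    # A missing iat or exp fails closed.
    if not claims.get("iat", now + 1) <= now < claims.get("exp", 0):
        problems.append("outside iat/exp validity window")
    missing = sorted(set(required_scopes) - set(claims.get("scope", "").split()))
    if missing:
        problems.append("missing scope: " + " ".join(missing))
    return problems
```

Passing `now` explicitly keeps the check deterministic in tests; in a resource server it defaults to the current time.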