Commit e86540d

update oidc doc adding example for adding new ci providers (#1780)
Signed-off-by: Javan lacerda <[email protected]>
1 parent 0ef04fd commit e86540d

1 file changed

+1
-1
lines changed

docs/oidc.md

+1-1
@@ -11,7 +11,7 @@ Sigstore runs a federated OIDC identity provider, Dex. Users authenticate to the
1111
To add a new OIDC issuer:
1212

1313
* Add the new issuer to the [configuration](https://github.com/sigstore/fulcio/blob/main/config/identity/config.yaml).
14-
* Attention: If your issuer is for a CI provider, you should set the `type` as `ci-provider` and set the field `ci-provider` with the name of your provider. You should also fill the `ci-issuer-metadata` with the `default-template-values`, `extension-templates` and `subject-alternative-name-template`, following the pattern defined on the example ([example](tbd after migrating the github to ci-provider)).
14+
* Attention: If your issuer is for a CI provider, you should set the `type` as `ci-provider` and set the field `ci-provider` with the name of your provider. You should also fill the `ci-issuer-metadata` with the `default-template-values`, `extension-templates` and `subject-alternative-name-template`, following the pattern defined on the [example](https://github.com/sigstore/fulcio/commit/9f02ba2924c6f8a0b46861b3585cb497a7560454).
1515
* Important notes: The `extension-templates` and the `subject-alternative-name-template` follows the templates [pattern](https://pkg.go.dev/text/template). The name used to fill the `ci-provider` field has to be the same used as key for `ci-issuer-metadata`, we suggest to use a variable for this. If you set a `default-template-value` with the same name of a claim key, the claimed value will have priority over the default one.
1616
* If your issuer is not for a CI provider, you need to follow the next steps:
1717
* Add the new issuer to the [`identity` folder](https://github.com/sigstore/fulcio/tree/main/pkg/identity) ([example](https://github.com/sigstore/fulcio/tree/main/pkg/identity/email)). You will define an `Issuer` type and a way to map the token to the certificate extensions.
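
Review bot: On the changed bullet (new line 14), the example link targets a whole commit (`9f02ba2924c6f8a0b46861b3585cb497a7560454`), so a reader following "the pattern defined on the example" has to search that diff for the relevant `ci-issuer-metadata` entry. Consider linking to the specific file at that commit, or naming the file and provider entry in the sentence. While this paragraph is being touched, the following bullet writes `default-template-value` where this one writes `default-template-values`; these are config keys a reader will copy, so the two spellings should match. That bullet also says a claim with the same name takes priority over the default, so it is worth stating there that defaults act only as fallbacks and should not be used to pin a value that the token can also supply.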
