MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2024-12-26 07:05:55 -05:00
Code Issues Packages Projects Releases Wiki Activity

Adds info on policy for STS authentication using web-id (#9289)

Browse Source
This commit is contained in:
ebozduman 2020-04-08 10:34:43 -07:00 committed by GitHub
parent f4e779c964
commit a78731a3ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/sts/web-identity.md
View File

@ -112,6 +112,24 @@ $ go run web-identity.go -cid 204367807228-ok7601k6gj1pgge7m09h7d79co8p35xx.apps
2018/12/26 17:49:36 listening on http://localhost:8080/ 2018/12/26 17:49:36 listening on http://localhost:8080/
``` ```
Note: For a reasonable test outcome, make sure the assumed user has at least permission/policy to list all buckets. That policy would look like below:
```
{
"version": "2012-10-17",
"statement": [
{
"effect": "Allow",
"action": [
"s3:ListAllMyBuckets"
],
"resource": [
"arn:aws:s3:::*"
]
}
]
}
```
## Authorization Flow ## Authorization Flow
- Visit http://localhost:8080, login will direct the user to the Google OAuth2 Auth URL to obtain a permission grant. - Visit http://localhost:8080, login will direct the user to the Google OAuth2 Auth URL to obtain a permission grant.