Aliases for custom claims¶
Generally, you will want to configure your IdP to include custom claims in JWTs issued for Firefly API clients. In that case, you can leave the claim alias fields blank in the configuration.
If you can't issue custom claims, you may be able to use claims that are already defined by your IdP. In the Firefly Configurations settings you can specify the names of those claims, which Firefly will use for authorizing API clients using JWKS or OIDC Discovery.
The alias names can be specified for the following claims:
venafi-firefly.configurationvenafi-firefly.allowedPoliciesvenafi-firefly.allowAllPolicies
When you specify an alias (on the Firefly Configurations page), Firefly looks for the alias claim name value in JWTs for authorizing gRPC, GraphQL, and REST API clients.
You can specify custom values for any (or all) these claims.
If an alias is not specified for the claim, Firefly looks for the default venafi-firefly claim value in JWTs for authorizing gRPC, GraphQL, and REST API clients.