{
"id": "com.publicdomainrelay.temp.compute.config.wif.simple",
"defs": {
"main": {
"key": "tid",
"type": "record",
"record": {
"type": "object",
"required": [
"accept_path",
"issuer_uri",
"to_issue",
"token_path",
"url_path",
"url_route",
"subject"
],
"properties": {
"subject": {
"type": "string",
"description": "The subject of tokens you request MUST follow this format."
},
"to_issue": {
"type": "string",
"description": "The role of the token you will be issued within this compute providers RBAC, this role will allow for token exchange. You don't care about it unless you might be allowed to do other things. Inspect their RBAC policy if you care."
},
"url_path": {
"type": "string",
"description": "Path on disk to file containing URL of token issuance service for requesting subsequent tokens from."
},
"actx_path": {
"type": "string",
"description": "Path to file containing a string representing the auth context which might need to be formatted into the subject"
},
"url_route": {
"type": "string",
"description": "The route against $(cat url_path) you can request new tokens from."
},
"issuer_uri": {
"type": "string",
"description": "OIDC issuer URI, rfp actor configures their RBAC to trust this"
},
"token_path": {
"type": "string",
"description": "Workload identity token which can be used with token issuance service for requesting subsequent tokens to talk to other services."
},
"accept_path": {
"type": "string",
"description": "Path on disk to the "
}
}
},
"description": "Simple Workload Identity Federation parameters used by the requester to obtain a token authorized for the provider."
}
},
"$type": "com.atproto.lexicon.schema",
"lexicon": 1
}