File tree 1 file changed +19
-3
lines changed
1 file changed +19
-3
lines changed Original file line number Diff line number Diff line change @@ -63,11 +63,19 @@ bearer_token_format: idp_access_token
63
63
BEARER_TOKEN_FORMAT=idp_access_token
64
64
```
65
65
66
+ #### Microsoft Entra
67
+
68
+ The ` az ` CLI can be used to get an access-token:
69
+
70
+ ``` bash
71
+ curl -H " Authorization: $( az account get-access-token --query accessToken --output tsv) " https://example.localhost.pomerium.io
72
+ ```
73
+
66
74
### Options
67
75
68
- - ` default `
69
- - ` idp_access_token `
70
- - ` idp_identity_token `
76
+ - ` default ` : Pass bearer tokens to upstream applications without interpreting them.
77
+ - ` idp_access_token ` : The bearer token will be interpreted as an IdP-issued access token.
78
+ - ` idp_identity_token ` : The bearer token will be interpreted as an IdP-issued identity token.
71
79
72
80
</TabItem >
73
81
<TabItem value = " Enterprise" label = " Enterprise" >
@@ -76,6 +84,14 @@ Set **Bearer Token Format** under **Proxy** settings in the Console:
76
84
77
85
![ Set bearer token format in the Console] ( ./img/global-settings/bearer-token-format.png )
78
86
87
+ ### Options
88
+
89
+ - _ Unset_ : At the route level, use the global setting. At the global level, use "Default".
90
+ - "Unknown": Same as "Default".
91
+ - "Default": Pass bearer tokens to upstream applications without interpreting them.
92
+ - "IDP Access Token": The bearer token will be interpreted as an IdP-issued access token.
93
+ - "IDP Identity Token": The bearer token will be interpreted as an IdP-issued identity token.
94
+
79
95
</TabItem >
80
96
<TabItem value = " Kubernetes" label = " Kubernetes" >
81
97
You can’t perform that action at this time.
0 commit comments