Currently, any Harness user, irrespective of what orgs or what projects he is part of, can call these APIs by providing the values in the payload and obtain the creds. We want this API either to check the permission of the user who is specific to that particular project, or to be run only from the pipeline itself.
Links to the APIs:
  1. https://apidocs.harness.io/tag/Oidc-ID-Token/#operation/generateCustomOidcIdToken
  2. https://apidocs.harness.io/tag/Oidc-ID-Token#operation/generateOidcIdTokenForAws
  3. https://apidocs.harness.io/tag/Oidc-ID-Token#operation/generateOidcIdTokenForGcp
  4. https://apidocs.harness.io/tag/Oidc-ID-Token#operation/generateOidcIdTokenForGcp_1
Created by Abhishek