HashiConf 2024 Now streaming live from Boston! Attend for free
Boundary
Boundary Home

auth-methods

Command: boundary auth-methods

The auth-methods command lets you manage the auth method resource in Boundary. The auth method resource provides a mechanism for users to authenticate to Boundary. An auth method contains accounts which link an individual user to a set of credentials. They also contain managed groups which group accounts that satisfy specific criteria, and can be used as principals in roles.

Examples

The following example configures an OIDC auth method where the Boundary cluster address is stored in the BOUNDARY_ADDR, the OIDC provider's client ID is stored in the CLIENT_ID, and the client secret is stored in the CLIENT_SECRET environment variables.

$ boundary auth-methods create oidc \
   -issuer "https://dev-1sdl8c0z.us.auth0.com" \
   -client-id "$CLIENT_ID" \
   -client-secret "$CLIENT_SECRET" \
   -signing-algorithm RS256 \
   -api-url-prefix "$BOUNDARY_ADDR" \
   -name "auth0"

Example output:

Auth Method information:
  Created Time:         Fri, 09 Sep 2022 11:11:55 MDT
  ID:                   amoidc_40fr5jkLpk
  Name:                 auth0
  Type:                 oidc
  Updated Time:         Fri, 09 Sep 2022 11:11:55 MDT
  Version:              1

  Scope:
    ID:                 global
    Name:               global
    Type:               global

  Authorized Actions:
    no-op
    read
    update
    delete
    change-state
    authenticate

  Authorized Actions on Auth Method's Collections:
    accounts:
      create
      list
    managed-groups:
      create
      list

  Attributes:
    api_url_prefix:     https://e58fe114-7624-431c-994d-b6670e90b03J.boundary.hashicorp.cloud
    callback_url:       https://e58fe114-7624-431c-994d-b6670e90b03J.boundary.hashicorp.cloud/v1/auth-methods/oidc:authenticate:callback
    client_id:          zaxJLTZh3n14WqSQ7qQ9onuIVRDaZdzz
    client_secret_hmac: Qc3i8NdnTP6rl4JANIg-a2GXgRW5rEKTp2ReIK_BOng
    issuer:             https://dev-1sdl8c0z.us.auth0.com
    signing_algorithms: [RS256]
    state:              inactive

Usage

Usage: boundary auth-methods [sub command] [options] [args]

  # ...

Subcommands:
    change-state
    create          Create an auth method
    delete          Delete an auth method
    list            List an auth method
    read            Read an auth method
    update          Update an auth method

For more information, examples, and usage, click on the name of the subcommand in the sidebar or one of the links below:

Edit this page on GitHub