Updating Vault docs for JWT support of numeric bound_claims (#24921)

* Add a note that the role name is available as role in entity alias metadata * Update JWT docs for numeric bound_claims
hashicorp · Jan 18, 2024 · f4978b3 · f4978b3
1 parent 5f3ff6b
commit f4978b3
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/website/content/api-docs/auth/jwt.mdx b/website/content/api-docs/auth/jwt.mdx
@@ -134,11 +134,11 @@ entities attempting to login. At least one of the bound values must be set.
 - `bound_subject` `(string: <optional>)` - If set, requires that the `sub`
   claim matches this value.
 - `bound_claims` `(map: <optional>)` - If set, a map of claims (keys) to match against respective claim values (values).
-  The expected value may be a single string or a list of strings. The interpretation of the bound
+  Each expected value may be a string, integer, boolean or a list of strings. The interpretation of the bound
   claim values is configured with `bound_claims_type`. Keys support [JSON pointer](/vault/docs/auth/jwt#claim-specifications-and-json-pointer)
   syntax for referencing claims.
 - `bound_claims_type` `(string: "string")` - Configures the interpretation of the bound_claims values.
-  If `"string"` (the default), the values will treated as string literals and must match exactly.
+  If `"string"` (the default), the values will be treated as literals and must match exactly.
   If set to `"glob"`, the values will be interpreted as globs, with `*` matching any number of
   characters.
 - `groups_claim` `(string: <optional>)` - The claim to use to uniquely identify

diff --git a/website/content/docs/auth/jwt/index.mdx b/website/content/docs/auth/jwt/index.mdx
@@ -339,7 +339,8 @@ This specifies that the value in the JWT claim "division" should be copied to th
 "department" claim value will also be copied into metadata but will retain the key name. If a claim is configured in `claim_mappings`,
 it must existing in the JWT or else the authentication will fail.
 
-Note: the metadata key name "role" is reserved and may not be used for claim mappings.
+Note: the metadata key name "role" is reserved and may not be used for claim mappings. Since Vault 1.16 the role name is available 
+by the key `role` in the alias metadata of the entity after a successful login.
 
 ### Claim specifications and JSON pointer