mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 13:26:07 +00:00
91ee7990cc
* website: purge existing directory * website: bulk update from master with changes specific to the upcoming 1.9 release excluded * test: revert envoy_version to 1.14.2 for existing-ca-path golden file
19 lines
1.0 KiB
Plaintext
19 lines
1.0 KiB
Plaintext
## JWT vs OIDC Auth Methods
|
|
|
|
Since both the `oidc` and `jwt` auth methods ultimately operate on JWTs as
|
|
bearer tokens, it may be confusing to know which is right for a given use case.
|
|
|
|
- **JWT**: The user or application performing the Consul login must already be
|
|
in possession of a valid JWT to begin. There is no browser interaction
|
|
required. This is ideal for machine-oriented headless login where an operator
|
|
may have already arranged for a valid JWT to be dropped on a VM or provided
|
|
to a container.
|
|
|
|
- **OIDC**: The user performing the Consul login does not have a JWT nor do
|
|
they even need to know what that means. This is ideal for human-oriented
|
|
interactive login where an operator or administrator may have deployed SSO
|
|
widely and doesn't want to have the burden of tracking and distributing
|
|
Consul ACL tokens to any authorized coworker who may need to have access to a
|
|
Consul instance. Browser interaction is required. **This is only available in
|
|
[Consul Enterprise](https://www.hashicorp.com/products/consul/)**.
|