Jean-Gabriel Gill-Couture f316bd629b feat(fleet-auth): request Zitadel project roles in-band via OIDC scope (Ch1) ...

Role-gate follow-up from v0.3 plan Ch1:

- `build_login_attempt` appends the `urn:zitadel:iam:org:project:roles` scope,
  so the gate no longer depends on Zitadel's out-of-band "Assert Roles on
  Authentication" checkbox (which silently broke it once). Idempotent if the
  scope is already present.
- docs/guides/operator-dashboard-sso.md step 1b + config reference: drop the
  wrong checkbox instruction, document the in-band scope.

Role extraction stays local to each crate (dashboard object-map; callout
configurable claim path) — two small, genuinely-different parsers, not a
shared crate. Lifting `require_role` to a composable layer is skipped as
YAGNI — only `fleet-admin` exists; revisit at the second role.

2026-06-05 15:25:53 -04:00

..

adding-capabilities.md

docs: Major rehaul of documentation

2026-03-19 22:38:55 -04:00

developer-guide.md

docs: Major rehaul of documentation

2026-03-19 22:38:55 -04:00

fleet-manual-token-mint.md

docs(fleet): manual JWT-bearer mint + NATS write recipe

2026-05-05 01:43:36 -04:00

fleet-staging-install.md

docs(fleet): step-by-step OKD staging install runbook

2026-05-05 12:01:16 -04:00

fleet-zitadel-faq.md

docs(fleet): manual JWT-bearer mint + NATS write recipe

2026-05-05 01:43:36 -04:00

getting-started.md

docs: Fix examples cli in docs

2026-03-19 22:52:05 -04:00

kubernetes-ingress.md

feat(zitadel): URL params, readiness wait, persisted admin password, shared TLS Ingress

2026-05-05 22:08:30 -04:00

operator-dashboard-sso.md

feat(fleet-auth): request Zitadel project roles in-band via OIDC scope (Ch1)

2026-06-05 15:25:53 -04:00

web-auth-security.md

docs: operator dashboard SSO (Zitadel) setup guide

2026-06-01 23:06:45 -04:00

writing-a-score.md

docs: add Score design principles and capability architecture rules

2026-03-28 23:48:12 -04:00

writing-a-topology.md

docs: Major rehaul of documentation

2026-03-19 22:38:55 -04:00