diff --git a/command/ca/provisioner/provisioner.go b/command/ca/provisioner/provisioner.go index 4d53460ed..4f276b9dd 100644 --- a/command/ca/provisioner/provisioner.go +++ b/command/ca/provisioner/provisioner.go @@ -611,6 +611,11 @@ Use the '--group' flag multiple times to configure multiple groups.`, Name: "scope", Usage: `The list used to validate the scopes extension in an OpenID Connect token. Use the '--scope' flag multiple times to configure multiple scopes.`, + } + oidcRemoveScopeFlag = cli.StringSliceFlag{ + Name: "remove-scope", + Usage: `Remove the used to validate the scopes extension in an OpenID Connect token. +Use the '--remove-scope' flag multiple times to remove multiple scopes.`, } oidcAuthParamFlag = cli.StringSliceFlag{ Name: "auth-param", diff --git a/command/ca/provisioner/update.go b/command/ca/provisioner/update.go index 9db64796c..fa64543fa 100644 --- a/command/ca/provisioner/update.go +++ b/command/ca/provisioner/update.go @@ -129,6 +129,7 @@ SCEP oidcGroupFlag, oidcTenantIDFlag, oidcScopeFlag, + oidcRemoveScopeFlag, oidcAuthParamFlag, // X5C Root Flag