monkeydluffy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 27dc15ff9 docs: update `openid-connect` plugin
`refresh_session_interval` attribute (#10609)
27dc15ff9 is described below
commit 27dc15ff94f42c6ee2e8a4b48387b86ed9d50c65
Author: qianxin <[email protected]>
AuthorDate: Fri Dec 8 12:06:05 2023 +0800
docs: update `openid-connect` plugin `refresh_session_interval` attribute
(#10609)
---
apisix/plugins/openid-connect.lua | 3 +--
docs/en/latest/plugins/openid-connect.md | 2 +-
docs/zh/latest/plugins/openid-connect.md | 2 +-
t/plugin/openid-connect.t | 2 +-
4 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/apisix/plugins/openid-connect.lua
b/apisix/plugins/openid-connect.lua
index 08f768673..dc0c53d2e 100644
--- a/apisix/plugins/openid-connect.lua
+++ b/apisix/plugins/openid-connect.lua
@@ -191,8 +191,7 @@ local schema = {
},
refresh_session_interval = {
description = "Time interval to refresh user ID token without
re-authentication.",
- type = "integer",
- default = 900
+ type = "integer"
},
iat_slack = {
description = "Tolerance of clock skew in seconds with the iat
claim in an ID token.",
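Review bot: Dropping `default = 900` from `refresh_session_interval` changes runtime behaviour under a `docs:` commit: routes that never set the attribute lose the periodic ID-token refresh on upgrade, and per the updated English docs the gateway then does not check the expiry of the session it issued. The schema description should say so and give the unit, e.g. `description = "Time interval in seconds to refresh user ID token without re-authentication. When unset, the session expiry is not checked.",`. With no default left, a bound such as `minimum = 1` would also keep zero or negative values out, assuming they have no defined meaning for the session handling. The zh docs table in this same commit still lists 900 in the default column, which no longer matches the schema. The `schema` table starts and ends outside the hunk.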
diff --git a/docs/en/latest/plugins/openid-connect.md
b/docs/en/latest/plugins/openid-connect.md
index ed3dbafd6..729d5e090 100644
--- a/docs/en/latest/plugins/openid-connect.md
+++ b/docs/en/latest/plugins/openid-connect.md
@@ -74,7 +74,7 @@ description: OpenID Connect allows the client to obtain user
information from th
| client_jwt_assertion_expires_in | integer | False | 60 | | Life duration of
the signed JWT in seconds. |
| renew_access_token_on_expiry | boolean | False | true | | If true, attempt
to silently renew the access token when it expires or if a refresh token is
available. If the token fails to renew, redirect user for re-authentication. |
| access_token_expires_in | integer | False | | | Lifetime of the access
token in seconds if no `expires_in` attribute is present in the token endpoint
response. |
-| refresh_session_interval | integer | False | 900 | | Time interval to
refresh user ID token without requiring re-authentication. |
+| refresh_session_interval | integer | False | | | Time interval to refresh
user ID token without requiring re-authentication. When not set, it will not
check the expiration time of the session issued to the client by the gateway.
If set to 900, it means refreshing the user's id_token (or session in the
browser) after 900 seconds without requiring re-authentication. |
| iat_slack | integer | False | 120 | | Tolerance of clock skew in seconds
with the `iat` claim in an ID token. |
| accept_none_alg | boolean | False | false | | Set to true if the OpenID
provider does not sign its ID token, such as when the signature algorithm is
set to `none`. |
| accept_unsupported_alg | boolean | False | true | | If true, ignore ID
token signature to accept unsupported signature algorithm. |
diff --git a/docs/zh/latest/plugins/openid-connect.md
b/docs/zh/latest/plugins/openid-connect.md
index 0e38e0bdb..766afd514 100644
--- a/docs/zh/latest/plugins/openid-connect.md
+++ b/docs/zh/latest/plugins/openid-connect.md
@@ -74,7 +74,7 @@ description: OpenID Connect(OIDC)是基于 OAuth 2.0 的身份认证协议
| client_jwt_assertion_expires_in | integer | 否 | 60 |
| 签名 JWT 的生存期,以秒为单位。 |
| renew_access_token_on_expiry | boolean | 否 | true |
| 如果为 true,在访问令牌过期或存在刷新令牌时,尝试静默更新访问令牌。如果令牌无法更新,则重定向用户进行重新认证。 |
| access_token_expires_in | integer | 否 | |
| 访问令牌的生命周期,以秒为单位,如果令牌终端响应中不存在 `expires_in` 属性。 |
-| refresh_session_interval | integer | 否 | 900 |
| 刷新用户 ID 令牌而无需重新进行身份验证的时间间隔,以秒为单位。 |
+| refresh_session_interval | integer | 否 | 900 |
| 刷新用户 ID 令牌而无需重新进行身份验证的时间间隔,以秒为单位。若未设置,则不会检查网关向客户端签发的 ID 令牌(如浏览器中的
session)过期时间。如果设置为 900,意味着在 900 秒后刷新用户的 ID 令牌(如浏览器中的 session),而无需重新进行身份验证。 |
| iat_slack | integer | 否 | 120 |
| 与 ID 令牌中的 `iat` 声明的时钟偏差容忍度,以秒为单位。 |
| accept_none_alg | boolean | 否 | false |
| 如果 OpenID 提供程序不对其 ID 令牌进行签名将其设置为 true。 |
| accept_unsupported_alg | boolean | 否 | true |
| 如果为 true,忽略 ID 令牌签名以接受不支持的签名算法。 |
diff --git a/t/plugin/openid-connect.t b/t/plugin/openid-connect.t
index 23b201e9e..a62ef771b 100644
--- a/t/plugin/openid-connect.t
+++ b/t/plugin/openid-connect.t
@@ -876,7 +876,7 @@ OIDC introspection failed: invalid token
}
}
--- response_body
-{"accept_none_alg":false,"accept_unsupported_alg":true,"access_token_expires_leeway":0,"access_token_in_authorization_header":false,"bearer_only":false,"client_id":"kbyuFDidLLm280LIwVFiazOqjO3ty8KH","client_jwt_assertion_expires_in":60,"client_secret":"60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa","discovery":"http://127.0.0.1:1980/.well-known/openid-configuration","force_reauthorize":false,"iat_slack":120,"introspection_endpoint_auth_method":"client_secret_basic","in
[...]
+{"accept_none_alg":false,"accept_unsupported_alg":true,"access_token_expires_leeway":0,"access_token_in_authorization_header":false,"bearer_only":false,"client_id":"kbyuFDidLLm280LIwVFiazOqjO3ty8KH","client_jwt_assertion_expires_in":60,"client_secret":"60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa","discovery":"http://127.0.0.1:1980/.well-known/openid-configuration","force_reauthorize":false,"iat_slack":120,"introspection_endpoint_auth_method":"client_secret_basic","in
[...]