juzhiyuan commented on code in PR #7371:
URL: https://github.com/apache/apisix/pull/7371#discussion_r912566867
##########
docs/zh/latest/plugins/openid-connect.md:
##########
@@ -47,13 +47,15 @@ description: 本文介绍了关于 Apache APISIX `openid-connect` 插件的基
| timeout | integer | 否 | 3
| [1,...] | 请求超时时间,单位为秒
|
| ssl_verify | boolean | 否 | false
| [true, false] | 当设置为 `true` 时,验证身份提供者的 SSL 证书。
|
| introspection_endpoint | string | 否 |
| | 身份服务器的令牌验证端点的 URL。
|
-| introspection_endpoint_auth_method | string | 否 |
"client_secret_basic" | | 令牌自省的认证方法名称。
|
+| introspection_endpoint_auth_method | string | 否 |
| | 令牌自省的认证方法名称,如果未指定,则默认使用 well_know 中的第一个值。
|
| public_key | string | 否 |
| | 验证令牌的公钥。
|
+| use_jwks | boolean | 否 |
| | 当设置为 `true` 时,则会使用身份认证服务器的 JWKS 端点来验证令牌。
|
Review Comment:
Hi, could you please add the `default` value?
##########
docs/en/latest/plugins/openid-connect.md:
##########
@@ -33,29 +33,29 @@ The `openid-connect` Plugin provides authentication and
introspection capability
## Attributes
-| Name | Type | Required | Default
| Valid values | Description
|
-|--------------------------------------|---------|----------|-----------------------|--------------|--------------------------------------------------------------------------------------------------------------------|
-| client_id | string | True |
| | OAuth client ID.
|
-| client_secret | string | True |
| | OAuth client secret.
|
-| discovery | string | True |
| | Discovery endpoint URL of the identity server.
|
-| scope | string | False | "openid"
| | Scope used for authentication.
|
-| realm | string | False | "apisix"
| | Realm used for authentication.
|
-| bearer_only | boolean | False | false
| | When set to true, the Plugin will check for if the
authorization header in the request matches a bearer token. |
-| logout_path | string | False | "/logout"
| | Path for logging out.
|
-| post_logout_redirect_uri | string | False |
| | URL to redirect to after logging out.
|
-| redirect_uri | string | False |
"ngx.var.request_uri" | | URI to which the identity provider
redirects back to.
|
-| timeout | integer | False | 3
| [1,...] | Request timeout time in seconds.
|
-| ssl_verify | boolean | False | false
| | When set to true, verifies the identity provider's SSL
certificates. |
-| introspection_endpoint | string | False |
| | URL of the token verification endpoint of the identity
server. |
-| introspection_endpoint_auth_method | string | False |
"client_secret_basic" | | Authentication method name for token
introspection. |
-| public_key | string | False |
| | Public key to verify the token.
|
-| use_jwks | boolean | False |
| | When set to true, uses the JWKS endpoint of the identity
server to verify the token. |
-| token_signing_alg_values_expected | string | False |
| | Algorithm used for signing the authentication token.
|
-| set_access_token_header | boolean | False | true
| | When set to true, sets the access token in a request
header. |
-| access_token_in_authorization_header | boolean | False | false
| | When set to true, sets the access token in the
`Authorization` header. Otherwise, set the `X-Access-Token` header. |
-| set_id_token_header | boolean | False | true
| | When set to true and the ID token is available, sets the
ID token in the `X-ID-Token` request header. |
-| set_userinfo_header | boolean | False | true
| | When set to true and the UserInfo object is available,
sets it in the `X-Userinfo` request header. |
-| set_refresh_token_header | boolean | False | false
| | When set to true and a refresh token object is
available, sets it in the `X-Refresh-Token` request header. |
+| Name | Type | Required | Default
| Valid values | Description
|
+|--------------------------------------|---------|----------|-----------------------|--------------|--------------------------------------------------------------------------------------------------------------------------|
+| client_id | string | True |
| | OAuth client ID.
|
+| client_secret | string | True |
| | OAuth client secret.
|
+| discovery | string | True |
| | Discovery endpoint URL of the identity server.
|
+| scope | string | False | "openid"
| | Scope used for authentication.
|
+| realm | string | False | "apisix"
| | Realm used for authentication.
|
+| bearer_only | boolean | False | false
| | When set to true, the Plugin will check for if the
authorization header in the request matches a bearer token. |
+| logout_path | string | False | "/logout"
| | Path for logging out.
|
+| post_logout_redirect_uri | string | False |
| | URL to redirect to after logging out.
|
+| redirect_uri | string | False |
"ngx.var.request_uri" | | URI to which the identity provider
redirects back to.
|
+| timeout | integer | False | 3
| [1,...] | Request timeout time in seconds.
|
+| ssl_verify | boolean | False | false
| | When set to true, verifies the identity provider's SSL
certificates. |
+| introspection_endpoint | string | False |
| | URL of the token verification endpoint of the identity
server. |
+| introspection_endpoint_auth_method | string | False |
| | Authentication method name for token introspection, If
not specified, the default will use the first value in well_know. |
Review Comment:
I'm not clear, cc @starsz to have a check 🙏
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
