Re: [PR] docs(oidc): document use_jwks [apisix]

2026-02-03 Thread via GitHub


kayx23 commented on PR #12964:
URL: https://github.com/apache/apisix/pull/12964#issuecomment-3844768832

   Perhaps you should update the PR title as well since now this PR is no
   longer a doc update? It updates the plugin schema and the expected test results.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]



Re: [PR] docs(oidc): document use_jwks [apisix]

2026-02-03 Thread via GitHub


kayx23 commented on code in PR #12964:
URL: https://github.com/apache/apisix/pull/12964#discussion_r2759046515


##
docs/zh/latest/plugins/openid-connect.md:
##
@@ -55,7 +55,7 @@ description: openid-connect 插件支持与 OpenID Connect (OIDC) 身份提供
 | introspection_endpoint_auth_method | string | 否 | client_secret_basic | | 
令牌自检端点的身份验证方法。该值应为 `introspection_endpoint_auth_methods_supported` 
[授权服务器元数据](https://www.rfc-editor.org/rfc/rfc8414.html) 
中指定的身份验证方法之一,如众所周知的发现文档中所示,例如 
`client_secret_basic`、`client_secret_post`、`private_key_jwt` 和 
`client_secret_jwt`。|
 | token_endpoint_auth_method | string | 否 | client_secret_basic | | 
令牌端点的身份验证方法。该值应为 `token_endpoint_auth_methods_supported` 
[授权服务器元数据](https://www.rfc-editor.org/rfc/rfc8414.html) 
中指定的身份验证方法之一,如众所周知的发现文档中所示,例如 
`client_secret_basic`、`client_secret_post`、`private_key_jwt` 和 
`client_secret_jwt`。如果配置的方法不受支持,则回退到 `token_endpoint_auth_methods_supported` 
数组中的第一个方法。|
 | public_key | string | 否 | | | 用于验证 JWT 签名 id 
的公钥使用非对称算法。提供此值来执行令牌验证将跳过客户端凭据流中的令牌自检。您可以以 `-BEGIN PUBLIC 
KEY-\\n……\\n-END PUBLIC KEY-` 格式传递公钥。|
-| use_jwks | boolean | 否 | false | | 如果为 true 并且未设置 `public_key`,则使用 JWKS 验证 
JWT 签名并跳过客户端凭据流中的令牌自检。JWKS 端点是从发现文档中解析出来的。|
+| use_jwks | boolean | 否 | false | | 如果为 true 并且未设置“public_key”,则使用 JWKS 验证 
JWT 签名并跳过客户端凭据流程中的令牌自省。JWKS 端点是从发现文档中解析的。|
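
Review bot: On the `+` line for `use_jwks`, the backticks around `public_key` are replaced with curly quotes (“public_key”), so the field name no longer renders as inline code like the other rows in this table; keep the backticks. The same line also switches to 令牌自省 and 客户端凭据流程 while the unchanged `public_key` row directly above still says 令牌自检 and 客户端凭据流, so two adjacent rows would describe the same behaviour in different terms. Either keep the removed line's wording or change both rows together.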

Review Comment:
   I think you can revert this as well






Re: [PR] docs(oidc): document use_jwks [apisix]

2026-02-03 Thread via GitHub


shreemaan-abhishek commented on code in PR #12964:
URL: https://github.com/apache/apisix/pull/12964#discussion_r2758920164


##
docs/en/latest/plugins/openid-connect.md:
##
@@ -55,7 +55,7 @@ The `openid-connect` Plugin supports the integration with 
[OpenID Connect (OIDC)
 | introspection_endpoint_auth_method   | string   | False| 
client_secret_basic |  | Authentication method for the token 
introspection endpoint. The value should be one of the authentication methods 
specified in the `introspection_endpoint_auth_methods_supported` [authorization 
server metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`.  |
 | token_endpoint_auth_method   | string   | False|   
client_secret_basic  |  | Authentication method for the token 
endpoint. The value should be one of the authentication methods specified in 
the `token_endpoint_auth_methods_supported` [authorization server 
metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`. If the 
configured method is not supported, fall back to the first method in the 
`token_endpoint_auth_methods_supported` array.   |
 | public_key | string   | False| |  | Public key 
used to verify JWT signature id asymmetric algorithm is used. Providing this 
value to perform token verification will skip token introspection in client 
credentials flow. You can pass the public key in `-BEGIN PUBLIC 
KEY-\\n……\\n-END PUBLIC KEY-` format.  |
-| use_jwks   | boolean  | False| false |   
   | Whether to use the JWKS(JSON Web Key Set) endpoint to validate the token 
signature. |
+| use_jwks   | boolean  | False| false |   
   | 如果为 true 并且未设置“public_key”,则使用 JWKS 验证 JWT 签名并跳过客户端凭据流程中的令牌自省。 JWKS 
端点是从发现文档中解析的。 |

Review Comment:
   fixed






Re: [PR] docs(oidc): document use_jwks [apisix]

2026-02-03 Thread via GitHub


kayx23 commented on code in PR #12964:
URL: https://github.com/apache/apisix/pull/12964#discussion_r2758904765


##
docs/en/latest/plugins/openid-connect.md:
##
@@ -55,7 +55,7 @@ The `openid-connect` Plugin supports the integration with 
[OpenID Connect (OIDC)
 | introspection_endpoint_auth_method   | string   | False| 
client_secret_basic |  | Authentication method for the token 
introspection endpoint. The value should be one of the authentication methods 
specified in the `introspection_endpoint_auth_methods_supported` [authorization 
server metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`.  |
 | token_endpoint_auth_method   | string   | False|   
client_secret_basic  |  | Authentication method for the token 
endpoint. The value should be one of the authentication methods specified in 
the `token_endpoint_auth_methods_supported` [authorization server 
metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`. If the 
configured method is not supported, fall back to the first method in the 
`token_endpoint_auth_methods_supported` array.   |
 | public_key | string   | False| |  | Public key 
used to verify JWT signature id asymmetric algorithm is used. Providing this 
value to perform token verification will skip token introspection in client 
credentials flow. You can pass the public key in `-BEGIN PUBLIC 
KEY-\\n……\\n-END PUBLIC KEY-` format.  |
-| use_jwks   | boolean  | False| false |   
   | Whether to use the JWKS(JSON Web Key Set) endpoint to validate the token 
signature. |
+| use_jwks   | boolean  | False| false |   
   | 如果为 true 并且未设置“public_key”,则使用 JWKS 验证 JWT 签名并跳过客户端凭据流程中的令牌自省。 JWKS 
端点是从发现文档中解析的。 |
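
Review bot: The `+` line for `use_jwks` puts a Chinese description into docs/en/latest/plugins/openid-connect.md, where every other row is English, and it wraps public_key in curly quotes instead of backticks. Write the description in English and keep `public_key` as inline code. Separately, the unchanged `public_key` row reads "signature id asymmetric algorithm is used", where "id" looks like a typo for "if".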

Review Comment:
   English pls






Re: [PR] docs(oidc): document use_jwks [apisix]

2026-02-03 Thread via GitHub


shreemaan-abhishek commented on code in PR #12964:
URL: https://github.com/apache/apisix/pull/12964#discussion_r2758125223


##
docs/en/latest/plugins/openid-connect.md:
##
@@ -55,7 +55,7 @@ The `openid-connect` Plugin supports the integration with 
[OpenID Connect (OIDC)
 | introspection_endpoint_auth_method   | string   | False| 
client_secret_basic |  | Authentication method for the token 
introspection endpoint. The value should be one of the authentication methods 
specified in the `introspection_endpoint_auth_methods_supported` [authorization 
server metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`.  |
 | token_endpoint_auth_method   | string   | False|   
client_secret_basic  |  | Authentication method for the token 
endpoint. The value should be one of the authentication methods specified in 
the `token_endpoint_auth_methods_supported` [authorization server 
metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`. If the 
configured method is not supported, fall back to the first method in the 
`token_endpoint_auth_methods_supported` array.   |
 | public_key | string   | False| |  | Public key 
used to verify JWT signature id asymmetric algorithm is used. Providing this 
value to perform token verification will skip token introspection in client 
credentials flow. You can pass the public key in `-BEGIN PUBLIC 
KEY-\\n……\\n-END PUBLIC KEY-` format.  |
-| use_jwks   | boolean  | False| false |   
   | If true and if `public_key` is not set, use the JWKS to verify JWT 
signature and skip token introspection in client credentials flow. The JWKS 
endpoint is parsed from the discovery document. |
+| use_jwks   | boolean  | False| false |   
   | Whether to use the JWKS(JSON Web Key Set) endpoint to validate the token 
signature. |
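
Review bot: The `+` line for `use_jwks` drops three things the removed line told operators: that the flag applies when `public_key` is not set, that token introspection is skipped in the client credentials flow, and that the JWKS endpoint is parsed from the discovery document. These determine how a token is actually validated, so keep them in the description (correcting the `public_key` wording if it is inaccurate) rather than shortening it to "Whether to use the JWKS ... endpoint to validate the token signature". If the short form stays, "JWKS(JSON Web Key Set)" needs a space before the parenthesis.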

Review Comment:
   > The modified description contains less information than before
   
   my bad, I didn't pay attention.
   
   > Please confirm.
   
   true






Re: [PR] docs(oidc): document use_jwks [apisix]

2026-02-03 Thread via GitHub


kayx23 commented on code in PR #12964:
URL: https://github.com/apache/apisix/pull/12964#discussion_r2758015162


##
docs/en/latest/plugins/openid-connect.md:
##
@@ -55,7 +55,7 @@ The `openid-connect` Plugin supports the integration with 
[OpenID Connect (OIDC)
 | introspection_endpoint_auth_method   | string   | False| 
client_secret_basic |  | Authentication method for the token 
introspection endpoint. The value should be one of the authentication methods 
specified in the `introspection_endpoint_auth_methods_supported` [authorization 
server metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`.  |
 | token_endpoint_auth_method   | string   | False|   
client_secret_basic  |  | Authentication method for the token 
endpoint. The value should be one of the authentication methods specified in 
the `token_endpoint_auth_methods_supported` [authorization server 
metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`. If the 
configured method is not supported, fall back to the first method in the 
`token_endpoint_auth_methods_supported` array.   |
 | public_key | string   | False| |  | Public key 
used to verify JWT signature id asymmetric algorithm is used. Providing this 
value to perform token verification will skip token introspection in client 
credentials flow. You can pass the public key in `-BEGIN PUBLIC 
KEY-\\n……\\n-END PUBLIC KEY-` format.  |
-| use_jwks   | boolean  | False| false |   
   | If true and if `public_key` is not set, use the JWKS to verify JWT 
signature and skip token introspection in client credentials flow. The JWKS 
endpoint is parsed from the discovery document. |
+| use_jwks   | boolean  | False| false |   
   | Whether to use the JWKS(JSON Web Key Set) endpoint to validate the token 
signature. |

Review Comment:
   The modified description contains less information than before.
   
   From the code it looks like the logic is:
   
   > If either `public_key` or `use_jwks` is set, the plugin will verify JWT
   > signature (using the specified public key or JWKS) and skip token
   > introspection. When using JWKS, the endpoint is parsed from the discovery
   > document.
   
   Please confirm.






Re: [PR] docs(oidc): document use_jwks [apisix]

2026-02-03 Thread via GitHub


kayx23 commented on code in PR #12964:
URL: https://github.com/apache/apisix/pull/12964#discussion_r2758015162


##
docs/en/latest/plugins/openid-connect.md:
##
@@ -55,7 +55,7 @@ The `openid-connect` Plugin supports the integration with 
[OpenID Connect (OIDC)
 | introspection_endpoint_auth_method   | string   | False| 
client_secret_basic |  | Authentication method for the token 
introspection endpoint. The value should be one of the authentication methods 
specified in the `introspection_endpoint_auth_methods_supported` [authorization 
server metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`.  |
 | token_endpoint_auth_method   | string   | False|   
client_secret_basic  |  | Authentication method for the token 
endpoint. The value should be one of the authentication methods specified in 
the `token_endpoint_auth_methods_supported` [authorization server 
metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`. If the 
configured method is not supported, fall back to the first method in the 
`token_endpoint_auth_methods_supported` array.   |
 | public_key | string   | False| |  | Public key 
used to verify JWT signature id asymmetric algorithm is used. Providing this 
value to perform token verification will skip token introspection in client 
credentials flow. You can pass the public key in `-BEGIN PUBLIC 
KEY-\\n……\\n-END PUBLIC KEY-` format.  |
-| use_jwks   | boolean  | False| false |   
   | If true and if `public_key` is not set, use the JWKS to verify JWT 
signature and skip token introspection in client credentials flow. The JWKS 
endpoint is parsed from the discovery document. |
+| use_jwks   | boolean  | False| false |   
   | Whether to use the JWKS(JSON Web Key Set) endpoint to validate the token 
signature. |

Review Comment:
   The modified description contains less information than before.
   
   From the code it looks like the logic is:
   
   > If either `public_key` or `use_jwks` is set, the plugin will verify JWT
   > signature (using the specified public key or JWKS) and skip token
   > introspection. When using JWKS, the endpoint is parsed from the discovery
   > document.






Re: [PR] docs(oidc): document use_jwks [apisix]

2026-02-03 Thread via GitHub


kayx23 commented on code in PR #12964:
URL: https://github.com/apache/apisix/pull/12964#discussion_r2758015162


##
docs/en/latest/plugins/openid-connect.md:
##
@@ -55,7 +55,7 @@ The `openid-connect` Plugin supports the integration with 
[OpenID Connect (OIDC)
 | introspection_endpoint_auth_method   | string   | False| 
client_secret_basic |  | Authentication method for the token 
introspection endpoint. The value should be one of the authentication methods 
specified in the `introspection_endpoint_auth_methods_supported` [authorization 
server metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`.  |
 | token_endpoint_auth_method   | string   | False|   
client_secret_basic  |  | Authentication method for the token 
endpoint. The value should be one of the authentication methods specified in 
the `token_endpoint_auth_methods_supported` [authorization server 
metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`. If the 
configured method is not supported, fall back to the first method in the 
`token_endpoint_auth_methods_supported` array.   |
 | public_key | string   | False| |  | Public key 
used to verify JWT signature id asymmetric algorithm is used. Providing this 
value to perform token verification will skip token introspection in client 
credentials flow. You can pass the public key in `-BEGIN PUBLIC 
KEY-\\n……\\n-END PUBLIC KEY-` format.  |
-| use_jwks   | boolean  | False| false |   
   | If true and if `public_key` is not set, use the JWKS to verify JWT 
signature and skip token introspection in client credentials flow. The JWKS 
endpoint is parsed from the discovery document. |
+| use_jwks   | boolean  | False| false |   
   | Whether to use the JWKS(JSON Web Key Set) endpoint to validate the token 
signature. |

Review Comment:
   The modified description contains less information than before (though the
   desc before is slightly off on the public key front)
   
   From the code it looks like the logic is:
   
   > If either `public_key` or `use_jwks` is set, the plugin will verify JWT
   > signature (using the specified public key or JWKS) and skip token
   > introspection. When using JWKS, the endpoint is parsed from the discovery
   > document.






Re: [PR] docs(oidc): document use_jwks [apisix]

2026-02-03 Thread via GitHub


kayx23 commented on code in PR #12964:
URL: https://github.com/apache/apisix/pull/12964#discussion_r2758015162


##
docs/en/latest/plugins/openid-connect.md:
##
@@ -55,7 +55,7 @@ The `openid-connect` Plugin supports the integration with 
[OpenID Connect (OIDC)
 | introspection_endpoint_auth_method   | string   | False| 
client_secret_basic |  | Authentication method for the token 
introspection endpoint. The value should be one of the authentication methods 
specified in the `introspection_endpoint_auth_methods_supported` [authorization 
server metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`.  |
 | token_endpoint_auth_method   | string   | False|   
client_secret_basic  |  | Authentication method for the token 
endpoint. The value should be one of the authentication methods specified in 
the `token_endpoint_auth_methods_supported` [authorization server 
metadata](https://www.rfc-editor.org/rfc/rfc8414.html) as seen in the 
well-known discovery document, such as `client_secret_basic`, 
`client_secret_post`, `private_key_jwt`, and `client_secret_jwt`. If the 
configured method is not supported, fall back to the first method in the 
`token_endpoint_auth_methods_supported` array.   |
 | public_key | string   | False| |  | Public key 
used to verify JWT signature id asymmetric algorithm is used. Providing this 
value to perform token verification will skip token introspection in client 
credentials flow. You can pass the public key in `-BEGIN PUBLIC 
KEY-\\n……\\n-END PUBLIC KEY-` format.  |
-| use_jwks   | boolean  | False| false |   
   | If true and if `public_key` is not set, use the JWKS to verify JWT 
signature and skip token introspection in client credentials flow. The JWKS 
endpoint is parsed from the discovery document. |
+| use_jwks   | boolean  | False| false |   
   | Whether to use the JWKS(JSON Web Key Set) endpoint to validate the token 
signature. |

Review Comment:
   The modified description contains less information than before (though the
   desc before sounds slightly off on the public key front)
   
   From the code it looks like the logic is:
   
   > If either `public_key` or `use_jwks` is set, the plugin will verify JWT
   > signature (using the specified public key or JWKS) and skip token
   > introspection. When using JWKS, the endpoint is parsed from the discovery
   > document.



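
The JWKS path described in the review comments above (take `jwks_uri` from the discovery document, select the key, verify the JWT signature locally, make no introspection call), as an added Python sketch that is not APISIX's code and not part of the thread. The toy RSA key, the `idp.example` URLs, `fetch_json` and the other helper names are constructed for the example; only RS256 signature verification is shown, not `iss`/`aud`/`exp` checks.

```python
import base64, hashlib, hmac, json

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def to_bytes(i):
    return i.to_bytes((i.bit_length() + 7) // 8, "big")

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(message, k):
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

# Constructed toy key from two Mersenne primes so the sample runs offline; never use such a key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def issue_token(claims, kid="k1", alg="RS256"):
    """Stand-in for the identity provider: sign the claims with the toy private key."""
    k = len(to_bytes(N))
    head = b64u(json.dumps({"alg": alg, "kid": kid}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa_pkcs1_v15(signing_input.encode(), k), "big"), D, N)
    return signing_input + "." + b64u(sig.to_bytes(k, "big"))

# Constructed discovery document and JWKS; the URLs are placeholders.
DISCOVERY = {"issuer": "https://idp.example", "jwks_uri": "https://idp.example/jwks"}
JWKS = {"keys": [{"kty": "RSA", "kid": "k1", "alg": "RS256",
                  "n": b64u(to_bytes(N)), "e": b64u(to_bytes(E))}]}

def fetch_json(url):
    """Offline replacement for an HTTPS GET of the JWKS endpoint."""
    return {DISCOVERY["jwks_uri"]: JWKS}[url]

def verify_with_jwks(token, discovery, fetch=fetch_json):
    """Verify an RS256 JWT with a key from the discovered JWKS; no introspection call is made."""
    head_b64, body_b64, sig_b64 = token.split(".")
    head = json.loads(b64u_dec(head_b64))
    if head.get("alg") != "RS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    keys = fetch(discovery["jwks_uri"])["keys"]
    jwk = next((key for key in keys
                if key.get("kty") == "RSA" and key.get("kid") == head.get("kid")), None)
    if jwk is None:
        raise ValueError("no JWKS key matches kid")
    n = int.from_bytes(b64u_dec(jwk["n"]), "big")
    e = int.from_bytes(b64u_dec(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig = b64u_dec(sig_b64)
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        raise ValueError("bad signature")
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    expected = emsa_pkcs1_v15((head_b64 + "." + body_b64).encode(), k)
    if not hmac.compare_digest(recovered, expected):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body_b64))
```

Because the check is local, anything only the identity provider knows about the token, such as revocation, is not consulted; that is the practical meaning of skipping introspection.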