Commit
docs: update openid-connect attributes description and sync CN doc at…
…tributes. (#7371)
guitu168 authored Jul 5, 2022
1 parent b8faf0b commit 2f7833e
Showing 2 changed files with 48 additions and 44 deletions.
47 changes: 24 additions & 23 deletions docs/en/latest/plugins/openid-connect.md
Expand Up @@ -33,29 +33,30 @@ The `openid-connect` Plugin provides authentication and introspection capability

## Attributes

| Name | Type | Required | Default | Valid values | Description |
|--------------------------------------|---------|----------|-----------------------|--------------|--------------------------------------------------------------------------------------------------------------------|
| client_id | string | True | | | OAuth client ID. |
| client_secret | string | True | | | OAuth client secret. |
| discovery | string | True | | | Discovery endpoint URL of the identity server. |
| scope | string | False | "openid" | | Scope used for authentication. |
| realm | string | False | "apisix" | | Realm used for authentication. |
| bearer_only | boolean | False | false | | When set to true, the Plugin will check for if the authorization header in the request matches a bearer token. |
| logout_path | string | False | "/logout" | | Path for logging out. |
| post_logout_redirect_uri | string | False | | | URL to redirect to after logging out. |
| redirect_uri | string | False | "ngx.var.request_uri" | | URI to which the identity provider redirects back to. |
| timeout | integer | False | 3 | [1,...] | Request timeout time in seconds. |
| ssl_verify | boolean | False | false | | When set to true, verifies the identity provider's SSL certificates. |
| introspection_endpoint | string | False | | | URL of the token verification endpoint of the identity server. |
| introspection_endpoint_auth_method | string | False | "client_secret_basic" | | Authentication method name for token introspection. |
| public_key | string | False | | | Public key to verify the token. |
| use_jwks | boolean | False | | | When set to true, uses the JWKS endpoint of the identity server to verify the token. |
| token_signing_alg_values_expected | string | False | | | Algorithm used for signing the authentication token. |
| set_access_token_header | boolean | False | true | | When set to true, sets the access token in a request header. |
| access_token_in_authorization_header | boolean | False | false | | When set to true, sets the access token in the `Authorization` header. Otherwise, set the `X-Access-Token` header. |
| set_id_token_header | boolean | False | true | | When set to true and the ID token is available, sets the ID token in the `X-ID-Token` request header. |
| set_userinfo_header | boolean | False | true | | When set to true and the UserInfo object is available, sets it in the `X-Userinfo` request header. |
| set_refresh_token_header | boolean | False | false | | When set to true and a refresh token object is available, sets it in the `X-Refresh-Token` request header. |
| Name | Type | Required | Default | Valid values | Description |
|--------------------------------------|---------|----------|-----------------------|--------------|--------------------------------------------------------------------------------------------------------------------------|
| client_id | string | True | | | OAuth client ID. |
| client_secret | string | True | | | OAuth client secret. |
| discovery | string | True | | | Discovery endpoint URL of the identity server. |
| scope | string | False | "openid" | | Scope used for authentication. |
| realm | string | False | "apisix" | | Realm used for authentication. |
| bearer_only | boolean | False | false | | When set to true, the Plugin will check for if the authorization header in the request matches a bearer token. |
| logout_path | string | False | "/logout" | | Path for logging out. |
| post_logout_redirect_uri | string | False | | | URL to redirect to after logging out. |
| redirect_uri | string | False | "ngx.var.request_uri" | | URI to which the identity provider redirects back to. |
| timeout | integer | False | 3 | [1,...] | Request timeout time in seconds. |
| ssl_verify | boolean | False | false | | When set to true, verifies the identity provider's SSL certificates. |
| introspection_endpoint | string | False | | | URL of the token verification endpoint of the identity server. |
| introspection_endpoint_auth_method | string | False | "client_secret_basic" | | Authentication method name for token introspection. |
| token_endpoint_auth_method | string | False | | | Authentication method name for token endpoint. The default will get the first supported method specified by the OP. |
| public_key | string | False | | | Public key to verify the token. |
| use_jwks | boolean | False | false | | When set to `true`, uses the JWKS endpoint of the identity server to verify the token. |
| token_signing_alg_values_expected | string | False | | | Algorithm used for signing the authentication token. |
| set_access_token_header | boolean | False | true | | When set to true, sets the access token in a request header. |
| access_token_in_authorization_header | boolean | False | false | | When set to true, sets the access token in the `Authorization` header. Otherwise, set the `X-Access-Token` header. |
| set_id_token_header | boolean | False | true | | When set to true and the ID token is available, sets the ID token in the `X-ID-Token` request header. |
| set_userinfo_header | boolean | False | true | | When set to true and the UserInfo object is available, sets it in the `X-Userinfo` request header. |
| set_refresh_token_header | boolean | False | false | | When set to true and a refresh token object is available, sets it in the `X-Refresh-Token` request header. |

## Modes of operation
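Review bot: in the new `token_endpoint_auth_method` row, Default and Valid values are both empty and the description only says the default is "the first supported method specified by the OP", so a reader cannot tell which method names the Plugin accepts or which one a given deployment will end up using. Suggest listing the accepted method names in Valid values (the adjacent `introspection_endpoint_auth_method` row at least states its default) and spelling out OP on first use. Two smaller points: the `use_jwks` row now writes `true` in backticks while every other row in this table keeps plain "true", and the `ssl_verify` row still does not say that with its default of false the identity provider's certificate is not verified, which is worth stating next to the default.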

45 changes: 24 additions & 21 deletions docs/zh/latest/plugins/openid-connect.md
Expand Up @@ -33,27 +33,30 @@ description: 本文介绍了关于 Apache APISIX `openid-connect` 插件的基

## 属性

| 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 |
| ------------------------------------ | ------- | ------ | --------------------- | ------- | ---------------------------------------------------------------------------------------------------- |
| client_id | string || | | OAuth 客户端 ID。 |
| client_secret | string || | | OAuth 客户端 secret。 |
| discovery | string || | | 身份服务器发现端点的 URL。 |
| scope | string || "openid" | | 用于认证的范围。 |
| realm | string || "apisix" | | 用于认证的领域。 |
| bearer_only | boolean || false | | 设置为 `true` 时,将检查请求中带有承载令牌的授权标头。 |
| logout_path | string || "/logout" | | 登出路径。 |
| post_logout_redirect_uri | string || | | 调用登出接口后想要跳转的 URL。 |
| redirect_uri | string || "ngx.var.request_uri" | | 身份提供者重定向返回的 URI。 |
| timeout | integer || 3 | [1,...] | 请求超时时间,单位为秒 |
| ssl_verify | boolean || false | [true, false] | 当设置为 `true` 时,验证身份提供者的 SSL 证书。 |
| introspection_endpoint | string || | | 身份服务器的令牌验证端点的 URL。 |
| introspection_endpoint_auth_method | string || "client_secret_basic" | | 令牌自省的认证方法名称。 |
| public_key | string || | | 验证令牌的公钥。 |
| token_signing_alg_values_expected | string || | | 用于对令牌进行签名的算法。 |
| set_access_token_header | boolean || true | [true, false] | 在请求头设置访问令牌。 |
| access_token_in_authorization_header | boolean || false | [true, false] | 当值为 `true` 时,将访问令牌设置在请求头参数 `Authorization`,否则将使用请求头参数 `X-Access-Token`|
| set_id_token_header | boolean || true | [true, false] | 是否将 ID 令牌设置到请求头参数 `X-ID-Token`|
| set_userinfo_header | boolean || true | [true, false] | 是否将用户信息对象设置到请求头参数 `X-Userinfo`|
| 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 |
| ------------------------------------ | ------- | ------ | --------------------- | ------------- | ------------------------------------------------------------------------------------------------ |
| client_id | string || | | OAuth 客户端 ID。 |
| client_secret | string || | | OAuth 客户端 secret。 |
| discovery | string || | | 身份服务器发现端点的 URL。 |
| scope | string || "openid" | | 用于认证的范围。 |
| realm | string || "apisix" | | 用于认证的领域。 |
| bearer_only | boolean || false | | 当设置为 `true` 时,将检查请求中带有承载令牌的授权标头。 |
| logout_path | string || "/logout" | | 登出路径。 |
| post_logout_redirect_uri | string || | | 调用登出接口后想要跳转的 URL。 |
| redirect_uri | string || "ngx.var.request_uri" | | 身份提供者重定向返回的 URI。 |
| timeout | integer || 3 | [1,...] | 请求超时时间,单位为秒 |
| ssl_verify | boolean || false | [true, false] | 当设置为 `true` 时,验证身份提供者的 SSL 证书。 |
| introspection_endpoint | string || | | 身份服务器的令牌验证端点的 URL。 |
| introspection_endpoint_auth_method | string || "client_secret_basic" | | 令牌自省的认证方法名称。 |
| token_endpoint_auth_method | string || | | 令牌端点的身份验证方法名称。默认情况将获取 OP 指定的第一个支持的方法。 |
| public_key | string || | | 验证令牌的公钥。 |
| use_jwks | boolean || false | | 当设置为 `true` 时,则会使用身份认证服务器的 JWKS 端点来验证令牌。 |
| token_signing_alg_values_expected | string || | | 用于对令牌进行签名的算法。 |
| set_access_token_header | boolean || true | [true, false] | 在请求头设置访问令牌。 |
| access_token_in_authorization_header | boolean || false | [true, false] | 当设置为 `true` 时,将访问令牌设置在请求头参数 `Authorization`,否则将使用请求头参数 `X-Access-Token`|
| set_id_token_header | boolean || true | [true, false] | 是否将 ID 令牌设置到请求头参数 `X-ID-Token`|
| set_userinfo_header | boolean || true | [true, false] | 是否将用户信息对象设置到请求头参数 `X-Userinfo`|
| set_refresh_token_header | boolean || false | | 当设置为 `true` 并且刷新令牌可用时,则会将该属性设置在`X-Refresh-Token`请求头中。 |

## 操作模式
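Review bot: in the added `set_refresh_token_header` row, the description says "则会将该属性设置在`X-Refresh-Token`请求头中", which reads as if the configuration attribute itself is placed in the header; the English row says the refresh token is what gets set, so suggest naming the refresh token explicitly instead of "该属性" and adding the spaces around the backticked header name that the other rows use. The two added boolean rows (`use_jwks`, `set_refresh_token_header`) also leave the valid-values column empty while the neighbouring boolean rows list `[true, false]`, so the column should be filled or left empty consistently. Since the commit is meant to sync this file with the English one, the `set_id_token_header` and `set_userinfo_header` rows could also pick up the "when the token / UserInfo object is available" condition that the English descriptions carry.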
