docs: update "Authentication" Plugins

[pottekkat]

Signed-off-by: Navendu Pottekkat navendupottekkat@gmail.com

Description

Updates the documentation of the "Authentication" Plugins.

Child PR of #6734

Sorry for big PR 😅

[juzhiyuan]

Others LGTM

[guitu168]

I will modify the Chinese version synchronously.

[juzhiyuan]

LGTM

[bisakhmondal]

Very long pr : )

[bisakhmondal]

Suggested change

	| vault | object | False | | | Set to true to use Vault for storing and retrieving secret (secret for HS256/HS512 or public_key and private_key for RS256). By default, the Vault path is `kv/apisix/consumer//jwt-auth`. |
	| vault | object | False | | | Set to true to use Vault for storing and retrieving secret (secret for HS256/HS512 or public_key and private_key for RS256). By default, the Vault path is `kv/apisix/consumer/<consumer_name>/jwt-auth`. `consumer_name` is the name of your consumer that you have defined while creating a consumer object in APISIX. |

[bisakhmondal]

Suggested change

	So, if your organization changes the secret/keys (secret for HS256/HS512 or public_key and private_key for RS256) and you don't want to update the APISIX consumer each time or if you don't want to use the key through the Admin API, you can use Vault and the `jwt-auth` Plugin.
	So, if your organization changes the secret/keys (secret for HS256/HS512 or public_key and private_key for RS256) frequently and you don't want to update the APISIX consumer each time or if you don't want to use the key through the Admin API (to reduce secret sprawl), you can enable Vault support into the `jwt-auth` Plugin.

[bisakhmondal]

Let's not use secret/keys here - people might think it's a vault path.

Suggested change

	The current version of Apache APISIX expects the key names of the secret/keys in Vault to be `secret`, `public_key`, `private_key`.
	The current version of Apache APISIX expects the key name of secrets stored in the Vault path is among [ `secret`, `public_key`, `private_key` ]. The first one is for HS256/HS512 and the last two are for the RS256 algorithm.

[bisakhmondal]

Suggested change

	The Plugin will look for a key "secret" in the provided Vault path (`<vault.prefix>/consumer/jack/jwt-auth`) and uses it for JWT authentication.
	The Plugin will look for a key "secret" in the provided Vault path (`<vault.prefix>/consumer/jack/jwt-auth`) and uses it for JWT authentication. The vault prefix can be set in the config yaml file based on the base path that you have chosen while enabling the Vault kv secret engine (eg: `vault secrets enable -path=foobar kv`, you should use `foobar` as `vault.prefix` in the config file).

Just to give some context.

[bisakhmondal]

Please keep this line. It's important to deliver the message.

[pottekkat]

I had moved the line to above the code block. We do mention this.

[bisakhmondal]

Gotcha!

[bisakhmondal]

Also this message is important, can we embed it here somehow as the lookup is dynamic based on the username of the consumer and users should know what would happen if the key path is empty (though obvious but we should be explicit i think). WDYT?

consumer usernamejackmentioned in the consumer config and uses it for subsequent signing and jwt verification. If the key is not found in the same path, the plugin logs error and fails to perform jwt authentication.

[pottekkat]

@bisakhmondal I have made the changes as you suggested. Please review.

[bisakhmondal]

LGTM.

[bisakhmondal]

Gotcha!

[bisakhmondal]

By the way, just curious is it intentional or some debug comment?

[pottekkat]

It was intentional. We can move the docs for the dashboard to a single place. It gets repeated on every page. I commented this out just so that we know we have these images. Can delete these images or repurpose them on different pages in the future.

[bisakhmondal]

Sounds great 👍 . Please make sure you are keeping it tracked in an issue or somewhere so that people know/track the purpose/progress.

[bisakhmondal]

Nice work

[juzhiyuan]

LGTM