-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: update openid-connect attributes description and sync CN doc attributes. #7371
Conversation
| timeout | integer | False | 3 | [1,...] | Request timeout time in seconds. | | ||
| ssl_verify | boolean | False | false | | When set to true, verifies the identity provider's SSL certificates. | | ||
| introspection_endpoint | string | False | | | URL of the token verification endpoint of the identity server. | | ||
| introspection_endpoint_auth_method | string | False | | | Authentication method name for token introspection, If not specified, the default will use the first value in well_know. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not clear, cc @starsz to have a check 🙏
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok.Let me have a check.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After digging it into.I found that:
- The default value of
introspection_endpoint_auth_method
is "client_secret_basic", sorry to @hf400159 . - And the
lua-resty-openidc
will use another conf called "token_endpoint_auth_method".It doesn't introduce in the docs, but it can work well in "openid-connection" plugin.
The default value of "token_endpoint_auth_method" will fetch the first supported method specified by the OP.
refer https://github.com/zmartzone/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L677
So in conclusion, I think we should keep the original doc, and add the new field of "token_endpoint_auth_method" to the docs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@starsz fixed. PTAL 😄
Description
update openid-connect attributes description and add CN doc attributes.
add
token_endpoint_auth_method
attributes.Fixes # (issue)
Checklist