docs: update openid-connect attributes description and sync CN doc attributes. #7371

Merged
merged 7 commits into from
Jul 5, 2022
47 changes: 24 additions & 23 deletions docs/en/latest/plugins/openid-connect.md
Expand Up @@ -33,29 +33,30 @@ The `openid-connect` Plugin provides authentication and introspection capability

## Attributes

| Name | Type | Required | Default | Valid values | Description |
|--------------------------------------|---------|----------|-----------------------|--------------|--------------------------------------------------------------------------------------------------------------------|
| client_id | string | True | | | OAuth client ID. |
| client_secret | string | True | | | OAuth client secret. |
| discovery | string | True | | | Discovery endpoint URL of the identity server. |
| scope | string | False | "openid" | | Scope used for authentication. |
| realm | string | False | "apisix" | | Realm used for authentication. |
| bearer_only | boolean | False | false | | When set to true, the Plugin will check for if the authorization header in the request matches a bearer token. |
| logout_path | string | False | "/logout" | | Path for logging out. |
| post_logout_redirect_uri | string | False | | | URL to redirect to after logging out. |
| redirect_uri | string | False | "ngx.var.request_uri" | | URI to which the identity provider redirects back to. |
| timeout | integer | False | 3 | [1,...] | Request timeout time in seconds. |
| ssl_verify | boolean | False | false | | When set to true, verifies the identity provider's SSL certificates. |
| introspection_endpoint | string | False | | | URL of the token verification endpoint of the identity server. |
| introspection_endpoint_auth_method | string | False | "client_secret_basic" | | Authentication method name for token introspection. |
| public_key | string | False | | | Public key to verify the token. |
| use_jwks | boolean | False | | | When set to true, uses the JWKS endpoint of the identity server to verify the token. |
| token_signing_alg_values_expected | string | False | | | Algorithm used for signing the authentication token. |
| set_access_token_header | boolean | False | true | | When set to true, sets the access token in a request header. |
| access_token_in_authorization_header | boolean | False | false | | When set to true, sets the access token in the `Authorization` header. Otherwise, set the `X-Access-Token` header. |
| set_id_token_header | boolean | False | true | | When set to true and the ID token is available, sets the ID token in the `X-ID-Token` request header. |
| set_userinfo_header | boolean | False | true | | When set to true and the UserInfo object is available, sets it in the `X-Userinfo` request header. |
| set_refresh_token_header | boolean | False | false | | When set to true and a refresh token object is available, sets it in the `X-Refresh-Token` request header. |
| Name | Type | Required | Default | Valid values | Description |
|--------------------------------------|---------|----------|-----------------------|--------------|--------------------------------------------------------------------------------------------------------------------------|
| client_id | string | True | | | OAuth client ID. |
| client_secret | string | True | | | OAuth client secret. |
| discovery | string | True | | | Discovery endpoint URL of the identity server. |
| scope | string | False | "openid" | | Scope used for authentication. |
| realm | string | False | "apisix" | | Realm used for authentication. |
| bearer_only | boolean | False | false | | When set to true, the Plugin will check for if the authorization header in the request matches a bearer token. |
| logout_path | string | False | "/logout" | | Path for logging out. |
| post_logout_redirect_uri | string | False | | | URL to redirect to after logging out. |
| redirect_uri | string | False | "ngx.var.request_uri" | | URI to which the identity provider redirects back to. |
| timeout | integer | False | 3 | [1,...] | Request timeout time in seconds. |
| ssl_verify | boolean | False | false | | When set to true, verifies the identity provider's SSL certificates. |
| introspection_endpoint | string | False | | | URL of the token verification endpoint of the identity server. |
| introspection_endpoint_auth_method | string | False | "client_secret_basic" | | Authentication method name for token introspection. |
| token_endpoint_auth_method | string | False | | | Authentication method name for token endpoint. The default will get the first supported method specified by the OP. |
| public_key | string | False | | | Public key to verify the token. |
| use_jwks | boolean | False | false | | When set to `true`, uses the JWKS endpoint of the identity server to verify the token. |
| token_signing_alg_values_expected | string | False | | | Algorithm used for signing the authentication token. |
| set_access_token_header | boolean | False | true | | When set to true, sets the access token in a request header. |
| access_token_in_authorization_header | boolean | False | false | | When set to true, sets the access token in the `Authorization` header. Otherwise, set the `X-Access-Token` header. |
| set_id_token_header | boolean | False | true | | When set to true and the ID token is available, sets the ID token in the `X-ID-Token` request header. |
| set_userinfo_header | boolean | False | true | | When set to true and the UserInfo object is available, sets it in the `X-Userinfo` request header. |
| set_refresh_token_header | boolean | False | false | | When set to true and a refresh token object is available, sets it in the `X-Refresh-Token` request header. |

## Modes of operation

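Review bot: the new `token_endpoint_auth_method` row leaves both Default and Valid values empty and refers to "the OP", a term no other row in this table uses (they say "identity server" or "identity provider"). Suggest listing the accepted method names in the Valid values column and spelling out "OpenID Provider (OP)" on first use, so a reader can tell which client authentication method is sent to the token endpoint when the attribute is left unset; the neighbouring `introspection_endpoint_auth_method` row at least states its default, "client_secret_basic". Minor style point: the `use_jwks` row now writes `true` in backticks while every other row in this table writes plain true, so pick one form for the whole table.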
45 changes: 24 additions & 21 deletions docs/zh/latest/plugins/openid-connect.md
Expand Up @@ -33,27 +33,30 @@ description: 本文介绍了关于 Apache APISIX `openid-connect` 插件的基

## 属性

| 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 |
| ------------------------------------ | ------- | ------ | --------------------- | ------- | ---------------------------------------------------------------------------------------------------- |
| client_id | string | 是 | | | OAuth 客户端 ID。 |
| client_secret | string | 是 | | | OAuth 客户端 secret。 |
| discovery | string | 是 | | | 身份服务器发现端点的 URL。 |
| scope | string | 否 | "openid" | | 用于认证的范围。 |
| realm | string | 否 | "apisix" | | 用于认证的领域。 |
| bearer_only | boolean | 否 | false | | 设置为 `true` 时,将检查请求中带有承载令牌的授权标头。 |
| logout_path | string | 否 | "/logout" | | 登出路径。 |
| post_logout_redirect_uri | string | 否 | | | 调用登出接口后想要跳转的 URL。 |
| redirect_uri | string | 否 | "ngx.var.request_uri" | | 身份提供者重定向返回的 URI。 |
| timeout | integer | 否 | 3 | [1,...] | 请求超时时间,单位为秒 |
| ssl_verify | boolean | 否 | false | [true, false] | 当设置为 `true` 时,验证身份提供者的 SSL 证书。 |
| introspection_endpoint | string | 否 | | | 身份服务器的令牌验证端点的 URL。 |
| introspection_endpoint_auth_method | string | 否 | "client_secret_basic" | | 令牌自省的认证方法名称。 |
| public_key | string | 否 | | | 验证令牌的公钥。 |
| token_signing_alg_values_expected | string | 否 | | | 用于对令牌进行签名的算法。 |
| set_access_token_header | boolean | 否 | true | [true, false] | 在请求头设置访问令牌。 |
| access_token_in_authorization_header | boolean | 否 | false | [true, false] | 当值为 `true` 时,将访问令牌设置在请求头参数 `Authorization`,否则将使用请求头参数 `X-Access-Token`。|
| set_id_token_header | boolean | 否 | true | [true, false] | 是否将 ID 令牌设置到请求头参数 `X-ID-Token`。 |
| set_userinfo_header | boolean | 否 | true | [true, false] | 是否将用户信息对象设置到请求头参数 `X-Userinfo`。 |
| 名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 |
| ------------------------------------ | ------- | ------ | --------------------- | ------------- | ------------------------------------------------------------------------------------------------ |
| client_id | string | 是 | | | OAuth 客户端 ID。 |
| client_secret | string | 是 | | | OAuth 客户端 secret。 |
| discovery | string | 是 | | | 身份服务器发现端点的 URL。 |
| scope | string | 否 | "openid" | | 用于认证的范围。 |
| realm | string | 否 | "apisix" | | 用于认证的领域。 |
| bearer_only | boolean | 否 | false | | 当设置为 `true` 时,将检查请求中带有承载令牌的授权标头。 |
| logout_path | string | 否 | "/logout" | | 登出路径。 |
| post_logout_redirect_uri | string | 否 | | | 调用登出接口后想要跳转的 URL。 |
| redirect_uri | string | 否 | "ngx.var.request_uri" | | 身份提供者重定向返回的 URI。 |
| timeout | integer | 否 | 3 | [1,...] | 请求超时时间,单位为秒 |
| ssl_verify | boolean | 否 | false | [true, false] | 当设置为 `true` 时,验证身份提供者的 SSL 证书。 |
| introspection_endpoint | string | 否 | | | 身份服务器的令牌验证端点的 URL。 |
| introspection_endpoint_auth_method | string | 否 | "client_secret_basic" | | 令牌自省的认证方法名称。 |
| token_endpoint_auth_method | string | 否 | | | 令牌端点的身份验证方法名称。默认情况将获取 OP 指定的第一个支持的方法。 |
| public_key | string | 否 | | | 验证令牌的公钥。 |
| use_jwks | boolean | 否 | false | | 当设置为 `true` 时,则会使用身份认证服务器的 JWKS 端点来验证令牌。 |
| token_signing_alg_values_expected | string | 否 | | | 用于对令牌进行签名的算法。 |
| set_access_token_header | boolean | 否 | true | [true, false] | 在请求头设置访问令牌。 |
| access_token_in_authorization_header | boolean | 否 | false | [true, false] | 当设置为 `true` 时,将访问令牌设置在请求头参数 `Authorization`,否则将使用请求头参数 `X-Access-Token`。 |
| set_id_token_header | boolean | 否 | true | [true, false] | 是否将 ID 令牌设置到请求头参数 `X-ID-Token`。 |
| set_userinfo_header | boolean | 否 | true | [true, false] | 是否将用户信息对象设置到请求头参数 `X-Userinfo`。 |
| set_refresh_token_header | boolean | 否 | false | | 当设置为 `true` 并且刷新令牌可用时,则会将该属性设置在`X-Refresh-Token`请求头中。 |

## 操作模式

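Review bot: the added `use_jwks` and `set_refresh_token_header` rows leave 有效值 empty, while the other boolean rows in this table (`ssl_verify`, `set_access_token_header`, `set_id_token_header` and so on) list [true, false]; fill the column in for the two new rows, or drop it from all boolean rows so the table matches the English one. In the `set_refresh_token_header` description, "则会将该属性设置在" reads as "sets this attribute" rather than the refresh token, whereas the English row says the refresh token object is what goes into the header; "则会将刷新令牌设置在 `X-Refresh-Token` 请求头中" would say that directly, with spaces around the backticked header name as in the rows above it.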