more quotes around attribute values in documentation

config/ac_oauth2.go

@@ -27,15 +27,15 @@ type OAuth2AC struct {
 	BackendName             string             `hcl:"backend,optional" docs:"[{backend} block](backend) reference."`
 	ClientID                string             `hcl:"client_id" docs:"The client identifier."`
 	ClientSecret            string             `hcl:"client_secret,optional" docs:"The client password."`
-	GrantType               string             `hcl:"grant_type" docs:"The grant type. Required, to be set to: {authorization_code}"`
+	GrantType               string             `hcl:"grant_type" docs:"The grant type. Required, to be set to: {\"authorization_code\"}"`
 	JWTSigningProfile       *JWTSigningProfile `hcl:"jwt_signing_profile,block"`
 	Name                    string             `hcl:"name,label"`
 	RedirectURI             string             `hcl:"redirect_uri" docs:"The Couper endpoint for receiving the authorization code. Relative URL references are resolved against the origin of the current request URL. The origin can be changed with the [{accept_forwarded_url} attribute](settings) if Couper is running behind a proxy."`
 	Remain                  hcl.Body           `hcl:",remain"`
 	Scope                   string             `hcl:"scope,optional" docs:"A space separated list of requested scope values for the access token."`
 	TokenEndpoint           string             `hcl:"token_endpoint" docs:"The authorization server endpoint URL used for requesting the token."`
 	TokenEndpointAuthMethod *string            `hcl:"token_endpoint_auth_method,optional" docs:"Defines the method to authenticate the client at the token endpoint. If set to {\"client_secret_post\"}, the client credentials are transported in the request body. If set to {\"client_secret_basic\"}, the client credentials are transported via Basic Authentication. If set to {\"client_secret_jwt\"}, the client is authenticated via a JWT signed with the {client_secret}. If set to {\"private_key_jwt\"}, the client is authenticated via a JWT signed with its private key (see {jwt_signing_profile} block)." default:"client_secret_basic"`
-	VerifierMethod          string             `hcl:"verifier_method" docs:"The method to verify the integrity of the authorization code flow. Available values: {ccm_s256} ({code_challenge} parameter with {code_challenge_method} {S256}), {state} ({state} parameter)"`
+	VerifierMethod          string             `hcl:"verifier_method" docs:"The method to verify the integrity of the authorization code flow. Available values: {\"ccm_s256\"} ({code_challenge} parameter with {code_challenge_method} {S256}), {\"state\"} ({state} parameter)"`
 
 	// internally used
 	Backend *hclsyntax.Body

config/oauth2ra.go

@@ -31,19 +31,19 @@ var (
 
 // OAuth2ReqAuth represents the oauth2 block in a backend block.
 type OAuth2ReqAuth struct {
-	AssertionExpr           hcl.Expression     `hcl:"assertion,optional" docs:"The assertion (JWT for jwt-bearer flow). Required if {grant_type} is {urn:ietf:params:oauth:grant-type:jwt-bearer} and no nested {jwt_signing_profile} block is present." type:"string"`
+	AssertionExpr           hcl.Expression     `hcl:"assertion,optional" docs:"The assertion (JWT for jwt-bearer flow). Required if {grant_type} is {\"urn:ietf:params:oauth:grant-type:jwt-bearer\"} and no nested {jwt_signing_profile} block is present." type:"string"`
 	BackendName             string             `hcl:"backend,optional" docs:"[{backend} block](backend) reference."`
-	ClientID                string             `hcl:"client_id,optional" docs:"The client identifier. Required unless the {grant_type} is {urn:ietf:params:oauth:grant-type:jwt-bearer}."`
-	ClientSecret            string             `hcl:"client_secret,optional" docs:"The client password. Required unless the {grant_type} is {urn:ietf:params:oauth:grant-type:jwt-bearer}."`
-	GrantType               string             `hcl:"grant_type" docs:"Required, valid values: {client_credentials}, {password}, {urn:ietf:params:oauth:grant-type:jwt-bearer}"`
+	ClientID                string             `hcl:"client_id,optional" docs:"The client identifier. Required unless the {grant_type} is {\"urn:ietf:params:oauth:grant-type:jwt-bearer\"}."`
+	ClientSecret            string             `hcl:"client_secret,optional" docs:"The client password. Required unless the {grant_type} is {\"urn:ietf:params:oauth:grant-type:jwt-bearer\"}."`
+	GrantType               string             `hcl:"grant_type" docs:"Required, valid values: {\"client_credentials\"}, {\"password\"}, {\"urn:ietf:params:oauth:grant-type:jwt-bearer\"}"`
 	JWTSigningProfile       *JWTSigningProfile `hcl:"jwt_signing_profile,block"`
-	Password                string             `hcl:"password,optional" docs:"The (service account's) password (for password flow). Required if grant_type is {password}."`
+	Password                string             `hcl:"password,optional" docs:"The (service account's) password (for password flow). Required if grant_type is {\"password\"}."`
 	Remain                  hcl.Body           `hcl:",remain"`
 	Retries                 *uint8             `hcl:"retries,optional" default:"1" docs:"The number of retries to get the token and resource, if the resource-request responds with {401 Unauthorized} HTTP status code."`
 	Scope                   string             `hcl:"scope,optional" docs:"A space separated list of requested scope values for the access token."`
 	TokenEndpoint           string             `hcl:"token_endpoint,optional" docs:"URL of the token endpoint at the authorization server."`
 	TokenEndpointAuthMethod *string            `hcl:"token_endpoint_auth_method,optional" docs:"Defines the method to authenticate the client at the token endpoint. If set to {\"client_secret_post\"}, the client credentials are transported in the request body. If set to {\"client_secret_basic\"}, the client credentials are transported via Basic Authentication. If set to {\"client_secret_jwt\"}, the client is authenticated via a JWT signed with the {client_secret}. If set to {\"private_key_jwt\"}, the client is authenticated via a JWT signed with its private key (see {jwt_signing_profile} block)." default:"client_secret_basic"`
-	Username                string             `hcl:"username,optional" docs:"The (service account's) username (for password flow). Required if grant_type is {password}."`
+	Username                string             `hcl:"username,optional" docs:"The (service account's) username (for password flow). Required if grant_type is {\"password\"}."`
 }
 
 // Reference implements the <BackendReference> interface.

docs/website/content/2.configuration/4.block/beta_oauth2.md

@@ -45,7 +45,7 @@ values: [
   },
   {
     "default": "",
-    "description": "The grant type. Required, to be set to: `authorization_code`",
+    "description": "The grant type. Required, to be set to: `\"authorization_code\"`",
     "name": "grant_type",
     "type": "string"
   },
@@ -75,7 +75,7 @@ values: [
   },
   {
     "default": "",
-    "description": "The method to verify the integrity of the authorization code flow. Available values: `ccm_s256` (`code_challenge` parameter with `code_challenge_method` `S256`), `state` (`state` parameter)",
+    "description": "The method to verify the integrity of the authorization code flow. Available values: `\"ccm_s256\"` (`code_challenge` parameter with `code_challenge_method` `S256`), `\"state\"` (`state` parameter)",
     "name": "verifier_method",
     "type": "string"
   },

docs/website/content/2.configuration/4.block/oauth2.md

@@ -17,7 +17,7 @@ A nested `jwt_signing_profile` block is used in two cases:
 values: [
   {
     "default": "",
-    "description": "The assertion (JWT for jwt-bearer flow). Required if `grant_type` is `urn:ietf:params:oauth:grant-type:jwt-bearer` and no nested `jwt_signing_profile` block is present.",
+    "description": "The assertion (JWT for jwt-bearer flow). Required if `grant_type` is `\"urn:ietf:params:oauth:grant-type:jwt-bearer\"` and no nested `jwt_signing_profile` block is present.",
     "name": "assertion",
     "type": "string"
   },
@@ -29,25 +29,25 @@ values: [
   },
   {
     "default": "",
-    "description": "The client identifier. Required unless the `grant_type` is `urn:ietf:params:oauth:grant-type:jwt-bearer`.",
+    "description": "The client identifier. Required unless the `grant_type` is `\"urn:ietf:params:oauth:grant-type:jwt-bearer\"`.",
     "name": "client_id",
     "type": "string"
   },
   {
     "default": "",
-    "description": "The client password. Required unless the `grant_type` is `urn:ietf:params:oauth:grant-type:jwt-bearer`.",
+    "description": "The client password. Required unless the `grant_type` is `\"urn:ietf:params:oauth:grant-type:jwt-bearer\"`.",
     "name": "client_secret",
     "type": "string"
   },
   {
     "default": "",
-    "description": "Required, valid values: `client_credentials`, `password`, `urn:ietf:params:oauth:grant-type:jwt-bearer`",
+    "description": "Required, valid values: `\"client_credentials\"`, `\"password\"`, `\"urn:ietf:params:oauth:grant-type:jwt-bearer\"`",
     "name": "grant_type",
     "type": "string"
   },
   {
     "default": "",
-    "description": "The (service account's) password (for password flow). Required if grant_type is `password`.",
+    "description": "The (service account's) password (for password flow). Required if grant_type is `\"password\"`.",
     "name": "password",
     "type": "string"
   },
@@ -77,7 +77,7 @@ values: [
   },
   {
     "default": "",
-    "description": "The (service account's) username (for password flow). Required if grant_type is `password`.",
+    "description": "The (service account's) username (for password flow). Required if grant_type is `\"password\"`.",
     "name": "username",
     "type": "string"
   }