This is an automated email from the ASF dual-hosted git repository.
juzhiyuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 2f7833e07 docs: update openid-connect attributes description and sync
CN doc attributes. (#7371)
2f7833e07 is described below
commit 2f7833e07479610ed5c8148399c347df85c20b96
Author: HanFei <[email protected]>
AuthorDate: Tue Jul 5 11:09:46 2022 +0800
docs: update openid-connect attributes description and sync CN doc
attributes. (#7371)
---
docs/en/latest/plugins/openid-connect.md | 47 ++++++++++++++++----------------
docs/zh/latest/plugins/openid-connect.md | 45 ++++++++++++++++--------------
2 files changed, 48 insertions(+), 44 deletions(-)
diff --git a/docs/en/latest/plugins/openid-connect.md
b/docs/en/latest/plugins/openid-connect.md
index 5b33e5d53..5e3ac02b1 100644
--- a/docs/en/latest/plugins/openid-connect.md
+++ b/docs/en/latest/plugins/openid-connect.md
@@ -33,29 +33,30 @@ The `openid-connect` Plugin provides authentication and
introspection capability
## Attributes
-| Name | Type | Required | Default
| Valid values | Description
|
-|--------------------------------------|---------|----------|-----------------------|--------------|--------------------------------------------------------------------------------------------------------------------|
-| client_id | string | True |
| | OAuth client ID.
|
-| client_secret | string | True |
| | OAuth client secret.
|
-| discovery | string | True |
| | Discovery endpoint URL of the identity server.
|
-| scope | string | False | "openid"
| | Scope used for authentication.
|
-| realm | string | False | "apisix"
| | Realm used for authentication.
|
-| bearer_only | boolean | False | false
| | When set to true, the Plugin will check for if the
authorization header in the request matches a bearer token. |
-| logout_path | string | False | "/logout"
| | Path for logging out.
|
-| post_logout_redirect_uri | string | False |
| | URL to redirect to after logging out.
|
-| redirect_uri | string | False |
"ngx.var.request_uri" | | URI to which the identity provider
redirects back to.
|
-| timeout | integer | False | 3
| [1,...] | Request timeout time in seconds.
|
-| ssl_verify | boolean | False | false
| | When set to true, verifies the identity provider's SSL
certificates. |
-| introspection_endpoint | string | False |
| | URL of the token verification endpoint of the identity
server. |
-| introspection_endpoint_auth_method | string | False |
"client_secret_basic" | | Authentication method name for token
introspection. |
-| public_key | string | False |
| | Public key to verify the token.
|
-| use_jwks | boolean | False |
| | When set to true, uses the JWKS endpoint of the identity
server to verify the token. |
-| token_signing_alg_values_expected | string | False |
| | Algorithm used for signing the authentication token.
|
-| set_access_token_header | boolean | False | true
| | When set to true, sets the access token in a request
header. |
-| access_token_in_authorization_header | boolean | False | false
| | When set to true, sets the access token in the
`Authorization` header. Otherwise, set the `X-Access-Token` header. |
-| set_id_token_header | boolean | False | true
| | When set to true and the ID token is available, sets the
ID token in the `X-ID-Token` request header. |
-| set_userinfo_header | boolean | False | true
| | When set to true and the UserInfo object is available,
sets it in the `X-Userinfo` request header. |
-| set_refresh_token_header | boolean | False | false
| | When set to true and a refresh token object is
available, sets it in the `X-Refresh-Token` request header. |
+| Name | Type | Required | Default
| Valid values | Description
|
+|--------------------------------------|---------|----------|-----------------------|--------------|--------------------------------------------------------------------------------------------------------------------------|
+| client_id | string | True |
| | OAuth client ID.
|
+| client_secret | string | True |
| | OAuth client secret.
|
+| discovery | string | True |
| | Discovery endpoint URL of the identity server.
|
+| scope | string | False | "openid"
| | Scope used for authentication.
|
+| realm | string | False | "apisix"
| | Realm used for authentication.
|
+| bearer_only | boolean | False | false
| | When set to true, the Plugin will check for if the
authorization header in the request matches a bearer token. |
+| logout_path | string | False | "/logout"
| | Path for logging out.
|
+| post_logout_redirect_uri | string | False |
| | URL to redirect to after logging out.
|
+| redirect_uri | string | False |
"ngx.var.request_uri" | | URI to which the identity provider
redirects back to.
|
+| timeout | integer | False | 3
| [1,...] | Request timeout time in seconds.
|
+| ssl_verify | boolean | False | false
| | When set to true, verifies the identity provider's SSL
certificates. |
+| introspection_endpoint | string | False |
| | URL of the token verification endpoint of the identity
server. |
+| introspection_endpoint_auth_method | string | False |
"client_secret_basic" | | Authentication method name for token
introspection.
|
+| token_endpoint_auth_method | string | False |
| | Authentication method name for token endpoint. The
default will get the first supported method specified by the OP. |
+| public_key | string | False |
| | Public key to verify the token.
|
+| use_jwks | boolean | False | false
| | When set to `true`, uses the JWKS endpoint of the
identity server to verify the token. |
+| token_signing_alg_values_expected | string | False |
| | Algorithm used for signing the authentication token.
|
+| set_access_token_header | boolean | False | true
| | When set to true, sets the access token in a request
header. |
+| access_token_in_authorization_header | boolean | False | false
| | When set to true, sets the access token in the
`Authorization` header. Otherwise, set the `X-Access-Token` header. |
+| set_id_token_header | boolean | False | true
| | When set to true and the ID token is available, sets the
ID token in the `X-ID-Token` request header. |
+| set_userinfo_header | boolean | False | true
| | When set to true and the UserInfo object is available,
sets it in the `X-Userinfo` request header. |
+| set_refresh_token_header | boolean | False | false
| | When set to true and a refresh token object is available,
sets it in the `X-Refresh-Token` request header. |
## Modes of operation
diff --git a/docs/zh/latest/plugins/openid-connect.md
b/docs/zh/latest/plugins/openid-connect.md
index 16a8f9bfe..6aa620209 100644
--- a/docs/zh/latest/plugins/openid-connect.md
+++ b/docs/zh/latest/plugins/openid-connect.md
@@ -33,27 +33,30 @@ description: 本文介绍了关于 Apache APISIX `openid-connect` 插件的基
## 属性
-| 名称 | 类型 | 必选项 | 默认值 | 有效值
| 描述
|
-| ------------------------------------ | ------- | ------ |
--------------------- | ------- |
----------------------------------------------------------------------------------------------------
|
-| client_id | string | 是 |
| | OAuth 客户端 ID。
|
-| client_secret | string | 是 |
| | OAuth 客户端 secret。
|
-| discovery | string | 是 |
| | 身份服务器发现端点的 URL。
|
-| scope | string | 否 | "openid"
| | 用于认证的范围。
|
-| realm | string | 否 | "apisix"
| | 用于认证的领域。
|
-| bearer_only | boolean | 否 | false
| | 设置为 `true` 时,将检查请求中带有承载令牌的授权标头。
|
-| logout_path | string | 否 | "/logout"
| | 登出路径。
|
-| post_logout_redirect_uri | string | 否 |
| | 调用登出接口后想要跳转的 URL。
|
-| redirect_uri | string | 否 |
"ngx.var.request_uri" | | 身份提供者重定向返回的 URI。
|
-| timeout | integer | 否 | 3
| [1,...] | 请求超时时间,单位为秒
|
-| ssl_verify | boolean | 否 | false
| [true, false] | 当设置为 `true` 时,验证身份提供者的 SSL 证书。
|
-| introspection_endpoint | string | 否 |
| | 身份服务器的令牌验证端点的 URL。
|
-| introspection_endpoint_auth_method | string | 否 |
"client_secret_basic" | | 令牌自省的认证方法名称。
|
-| public_key | string | 否 |
| | 验证令牌的公钥。
|
-| token_signing_alg_values_expected | string | 否 |
| | 用于对令牌进行签名的算法。
|
-| set_access_token_header | boolean | 否 | true
| [true, false] | 在请求头设置访问令牌。
|
-| access_token_in_authorization_header | boolean | 否 | false
| [true, false] | 当值为 `true` 时,将访问令牌设置在请求头参数 `Authorization`,否则将使用请求头参数
`X-Access-Token`。|
-| set_id_token_header | boolean | 否 | true
| [true, false] | 是否将 ID 令牌设置到请求头参数 `X-ID-Token`。
|
-| set_userinfo_header | boolean | 否 | true
| [true, false] | 是否将用户信息对象设置到请求头参数 `X-Userinfo`。
|
+| 名称 | 类型 | 必选项 | 默认值 | 有效值
| 描述
|
+| ------------------------------------ | ------- | ------ |
--------------------- | ------------- |
------------------------------------------------------------------------------------------------
|
+| client_id | string | 是 |
| | OAuth 客户端 ID。
|
+| client_secret | string | 是 |
| | OAuth 客户端 secret。
|
+| discovery | string | 是 |
| | 身份服务器发现端点的 URL。
|
+| scope | string | 否 | "openid"
| | 用于认证的范围。
|
+| realm | string | 否 | "apisix"
| | 用于认证的领域。
|
+| bearer_only | boolean | 否 | false
| | 当设置为 `true` 时,将检查请求中带有承载令牌的授权标头。
|
+| logout_path | string | 否 | "/logout"
| | 登出路径。
|
+| post_logout_redirect_uri | string | 否 |
| | 调用登出接口后想要跳转的 URL。
|
+| redirect_uri | string | 否 |
"ngx.var.request_uri" | | 身份提供者重定向返回的 URI。
|
+| timeout | integer | 否 | 3
| [1,...] | 请求超时时间,单位为秒
|
+| ssl_verify | boolean | 否 | false
| [true, false] | 当设置为 `true` 时,验证身份提供者的 SSL 证书。
|
+| introspection_endpoint | string | 否 |
| | 身份服务器的令牌验证端点的 URL。
|
+| introspection_endpoint_auth_method | string | 否 |
"client_secret_basic" | | 令牌自省的认证方法名称。
|
+| token_endpoint_auth_method | string | 否 |
| | 令牌端点的身份验证方法名称。默认情况将获取 OP 指定的第一个支持的方法。
|
+| public_key | string | 否 |
| | 验证令牌的公钥。
|
+| use_jwks | boolean | 否 | false
| | 当设置为 `true` 时,则会使用身份认证服务器的 JWKS 端点来验证令牌。
|
+| token_signing_alg_values_expected | string | 否 |
| | 用于对令牌进行签名的算法。
|
+| set_access_token_header | boolean | 否 | true
| [true, false] | 在请求头设置访问令牌。
|
+| access_token_in_authorization_header | boolean | 否 | false
| [true, false] | 当设置为 `true` 时,将访问令牌设置在请求头参数 `Authorization`,否则将使用请求头参数
`X-Access-Token`。 |
+| set_id_token_header | boolean | 否 | true
| [true, false] | 是否将 ID 令牌设置到请求头参数 `X-ID-Token`。
|
+| set_userinfo_header | boolean | 否 | true
| [true, false] | 是否将用户信息对象设置到请求头参数 `X-Userinfo`。
|
+| set_refresh_token_header | boolean | 否 | false
| | 当设置为 `true` 并且刷新令牌可用时,则会将该属性设置在`X-Refresh-Token`请求头中。
|
## 操作模式
