From 1f8cc8e014c4d6367ce593c200e1880fb8b541c4 Mon Sep 17 00:00:00 2001 From: Hans Zandbelt Date: Mon, 16 Sep 2024 12:50:23 +0200 Subject: [PATCH] document introspect.token_param_name and json_payload_claim for >=2.1.0 Signed-off-by: Hans Zandbelt --- oauth2.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/oauth2.conf b/oauth2.conf index 7b441f1..d97019e 100644 --- a/oauth2.conf +++ b/oauth2.conf @@ -78,7 +78,7 @@ # # (provided in query-encoded format) # -# introspect RFC7662 introspection URL introspect.ssl_verify, introspect.auth, introspect.cache, introspect.expiry, introspect.params, type +# introspect RFC7662 introspection URL introspect.ssl_verify, introspect.auth, introspect.cache, introspect.expiry, introspect.token_param_name, introspect.params, type # jwks_uri JWKS URI that serves the public keys jwks_uri.ssl_verify, jwks_uri.cache, jwks_uri.expiry, type, # verify.iss, verify.exp, verify.iat, verify.iat.slack_before, verify.iat.slack_after # jwk JWK JSON representation of a symmetric kid (overrides kid in JWK), verify.iss, verify.exp, verify.iat, type, @@ -111,6 +111,7 @@ # default is "default", otherwise must refer to a named cache defined with OAuth2Cache # expiry cache expiry in seconds for access token validation results # introspect.auth endpoint authentication, see Authentication Options +# introspect.token_param_name name of the parameter in which the access token is sent, if is not the default "token" # introspect.params form-encoded extra POST parameters sent to the introspectoin endpoint e.g. key1%3Done%26key2%3Dtwo # *.ssl_verify true|false verify the TLS certificate presented on the configured HTTPs URL # *.cache cache backend name for results resolved from a URI @@ -160,5 +161,6 @@ # authn_header (-) set remote user in authentication header # prefix (OAUTH2_CLAIM_) append prefix to claim names (in headers/envvars) # remote_user_claim (sub) obtain remote user from claim +# json_payload_claim (-) set the JSON payload in header/envar #OAuth2TargetPass