From 02f89a8ee24f1c13aaa2316e7c6b0a17769691f1 Mon Sep 17 00:00:00 2001 From: Traky Deng Date: Tue, 14 Nov 2023 22:03:47 -0800 Subject: [PATCH 1/3] Update info for how realm is used in openid-connect --- docs/en/latest/plugins/openid-connect.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/latest/plugins/openid-connect.md b/docs/en/latest/plugins/openid-connect.md index 0130d192113d..486001a933f0 100644 --- a/docs/en/latest/plugins/openid-connect.md +++ b/docs/en/latest/plugins/openid-connect.md @@ -39,7 +39,7 @@ description: OpenID Connect allows the client to obtain user information from th | client_secret | string | True | | | OAuth client secret. | | discovery | string | True | | | Discovery endpoint URL of the identity server. | | scope | string | False | "openid" | | Scope used for authentication. | -| realm | string | False | "apisix" | | Realm used for authentication. | +| realm | string | False | "apisix" | | Realm in [`WWW-Authenticate` response header](https://www.rfc-editor.org/rfc/rfc6750#section-3) accompanying an unauthorized request due to invalid bearer token. | | bearer_only | boolean | False | false | | When set to `true`, APISIX will only check if the authorization header in the request matches a bearer token. | | logout_path | string | False | "/logout" | | Path for logging out. | | post_logout_redirect_uri | string | False | | | URL to redirect to after logging out. | From f067c78394384a49f02a541897052428bb5bc701 Mon Sep 17 00:00:00 2001 From: Traky Deng Date: Tue, 14 Nov 2023 22:08:42 -0800 Subject: [PATCH 2/3] update chinese doc --- docs/zh/latest/plugins/openid-connect.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/zh/latest/plugins/openid-connect.md b/docs/zh/latest/plugins/openid-connect.md index 9355f951ebec..c7bcf4af0014 100644 --- a/docs/zh/latest/plugins/openid-connect.md +++ b/docs/zh/latest/plugins/openid-connect.md @@ -39,7 +39,7 @@ description: OpenID Connect(OIDC)是基于 OAuth 2.0 的身份认证协议 | client_secret | string | 是 | | | OAuth 客户端 secret。 | | discovery | string | 是 | | | 身份认证服务暴露的服务发现端点。 | | scope | string | 否 | "openid" | | 用于认证的范围。 | -| realm | string | 否 | "apisix" | | 与租户概念类似,不同 Realm 之间是相互隔离的,只能管理和验证它们所具有的用户。 | +| realm | string | 否 | "apisix" | | bearer token 无效时 `WWW-Authenticate` 响应头中会伴随着的 `realm` 讯息。 | | bearer_only | boolean | 否 | false | | 当设置为 `true` 时,将仅检查请求头中的令牌(Token)。 | | logout_path | string | 否 | "/logout" | | 登出路径。 | | post_logout_redirect_uri | string | 否 | | | 调用登出接口后想要跳转的 URL。 | From a7cd69a1d9078bef28e4e916b77138bcb2561099 Mon Sep 17 00:00:00 2001 From: Traky Deng Date: Tue, 14 Nov 2023 22:22:42 -0800 Subject: [PATCH 3/3] Update openid-connect.md --- docs/zh/latest/plugins/openid-connect.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/zh/latest/plugins/openid-connect.md b/docs/zh/latest/plugins/openid-connect.md index c7bcf4af0014..3fbe9fc0d735 100644 --- a/docs/zh/latest/plugins/openid-connect.md +++ b/docs/zh/latest/plugins/openid-connect.md @@ -39,7 +39,7 @@ description: OpenID Connect(OIDC)是基于 OAuth 2.0 的身份认证协议 | client_secret | string | 是 | | | OAuth 客户端 secret。 | | discovery | string | 是 | | | 身份认证服务暴露的服务发现端点。 | | scope | string | 否 | "openid" | | 用于认证的范围。 | -| realm | string | 否 | "apisix" | | bearer token 无效时 `WWW-Authenticate` 响应头中会伴随着的 `realm` 讯息。 | +| realm | string | 否 | "apisix" | | bearer token 无效时 [`WWW-Authenticate` 响应头](https://www.rfc-editor.org/rfc/rfc6750#section-3)中会伴随着的 `realm` 讯息。 | | bearer_only | boolean | 否 | false | | 当设置为 `true` 时,将仅检查请求头中的令牌(Token)。 | | logout_path | string | 否 | "/logout" | | 登出路径。 | | post_logout_redirect_uri | string | 否 | | | 调用登出接口后想要跳转的 URL。 |