From cb3406aae7aee63d8b0c363aa85586d92ea4da53 Mon Sep 17 00:00:00 2001
From: Ryan Liang <jiallian@amazon.com>
Date: Wed, 23 Aug 2023 16:59:30 -0700
Subject: [PATCH] Add comment in DynamicConfigModelV7

Signed-off-by: Ryan Liang <jiallian@amazon.com>
---
 .../security/securityconf/DynamicConfigModelV7.java         | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java
index 44e33f9085..3bf492f1eb 100644
--- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java
+++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java
@@ -375,6 +375,12 @@ private void buildAAA() {
             }
         }
 
+        /*
+         * If the OnBehalfOf (OBO) authentication is configured:
+         * Add the OBO authbackend in to the auth domains
+         * Challenge: false - no need to iterate through the auth domains again when OBO authentication failed
+         * order: -1 - prioritize the OBO authentication when it gets enabled
+         */
         Settings oboSettings = getDynamicOnBehalfOfSettings();
         if (oboSettings.get("signing_key") != null && oboSettings.get("encryption_key") != null) {
             final AuthDomain _ad = new AuthDomain(