You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/10/14 07:38:42 UTC
[GitHub] [apisix] bzp2010 commented on a diff in pull request #8068: feat(openid-connect): make session_secret support configurable
bzp2010 commented on code in PR #8068:
URL: https://github.com/apache/apisix/pull/8068#discussion_r995443828
##########
docs/en/latest/plugins/openid-connect.md:
##########
@@ -58,6 +58,8 @@ description: OpenID Connect allows the client to obtain user information from th
| set_id_token_header | boolean | False | true | | When set to true and the ID token is available, sets the ID token in the `X-ID-Token` request header. |
| set_userinfo_header | boolean | False | true | | When set to true and the UserInfo object is available, sets it in the `X-Userinfo` request header. |
| set_refresh_token_header | boolean | False | false | | When set to true and a refresh token object is available, sets it in the `X-Refresh-Token` request header. |
+| session | object | False | | | When bearer_only is set to false, openid-connect will use Authorization Code flow to authenticate on the IDP, so you need to set the session-related configuration. |
+| session.secret | string | True | Automatic generation | 16 or more characters | The key used for session encrypt and HMAC operation. |
Review Comment:
Yes, I think it's best to do that. Let me modify it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org