From 7301eb6783db93ebf098f8469093152d938fd85e Mon Sep 17 00:00:00 2001 From: Marcial Rosales Date: Fri, 27 Sep 2024 13:19:58 +0200 Subject: [PATCH] Minor wording improvement --- docs/oauth2.md | 2 +- versioned_docs/version-3.13/oauth2.md | 2 +- versioned_docs/version-4.0/oauth2.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/oauth2.md b/docs/oauth2.md index 7b2ea98dc..4cf6f3b33 100644 --- a/docs/oauth2.md +++ b/docs/oauth2.md @@ -149,7 +149,7 @@ In chronological order, here is the sequence of events that occur when a client | `auth_oauth2.preferred_username_claims` | [List of the JWT claims](#preferred-username-claims) to look for the username associated with the token. | `auth_oauth2.default_key` | ID of the default signing key. | `auth_oauth2.signing_keys` | Paths to the [signing key files](#signing-key-files). -| `auth_oauth2.issuer` | The [issuer URL](#configure-issuer) of the authorization server that is used to either discover endpoints such as `jwks_uri` and/or where to redirect RabbitMQ management users to login and get a token. +| `auth_oauth2.issuer` | The [issuer URL](#configure-issuer) of the authorization server. It is used to build the discovery endpoint url to discover other endpoints such as such as `jwks_uri`. And this issuer URL is also the URL where to send RabbitMQ management users to login and get a token. | `auth_oauth2.discovery_endpoint_path` | The path used for the [OpenId discovery endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). The endpoint URI is built using `auth_oauth2.issuer`, this path or else the default path `.well-known/openid-configuration` followed by query parameters configured in the following variable | `auth_oauth2.discovery_endpoint_params` | [List of HTTP query parameters](#discovery-endpoint-params) sent to the OpenId discovery endpoint. | `auth_oauth2.jwks_url` | The URL of the [JWKS endpoint](#jwks-endpoint). According to the [JWT Specification](https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.2), the endpoint URL must be https. Optional if you set `auth_oauth2.issuer`. If this URL is set, it overrides the `jwks_uri` discovered via the discovery endpoint. diff --git a/versioned_docs/version-3.13/oauth2.md b/versioned_docs/version-3.13/oauth2.md index 28dd0d5cb..a413fceea 100644 --- a/versioned_docs/version-3.13/oauth2.md +++ b/versioned_docs/version-3.13/oauth2.md @@ -142,7 +142,7 @@ In chronological order, here is the sequence of events that occur when a client | `auth_oauth2.preferred_username_claims` | [List of the JWT claims](#preferred-username-claims) to look for the username associated with the token. | `auth_oauth2.default_key` | ID of the default signing key. | `auth_oauth2.signing_keys` | Paths to the [signing key files](#signing-key-files). -| `auth_oauth2.issuer` | The [issuer URL](#configure-issuer) of the authorization server that is used to discover endpoints such as `jwks_uri` and others (https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). +| `auth_oauth2.issuer` | The [issuer URL](#configure-issuer) of the authorization server. It is used to build the discovery endpoint url to discover other endpoints such as such as `jwks_uri`. And this issuer URL is also the URL where to send RabbitMQ management users to login and get a token. | `auth_oauth2.jwks_url` | The URL of the [JWKS endpoint](#jwks-endpoint). According to the [JWT Specification](https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.2), the endpoint URL must be https. | `auth_oauth2.token_endpoint` | The URL of the OAuth 2.0 token endpoint. | `auth_oauth2.https.cacertfile` | Path to a file containing PEM-encoded CA certificates. The CA certificates are used to connect to any of these endpoints: `jwks_url`, `token_endpoint`, or the `issuer`. diff --git a/versioned_docs/version-4.0/oauth2.md b/versioned_docs/version-4.0/oauth2.md index 2ddb443ac..672e7fc7a 100644 --- a/versioned_docs/version-4.0/oauth2.md +++ b/versioned_docs/version-4.0/oauth2.md @@ -142,7 +142,7 @@ In chronological order, here is the sequence of events that occur when a client | `auth_oauth2.preferred_username_claims` | [List of the JWT claims](#preferred-username-claims) to look for the username associated with the token. | `auth_oauth2.default_key` | ID of the default signing key. | `auth_oauth2.signing_keys` | Paths to the [signing key files](#signing-key-files). -| `auth_oauth2.issuer` | The [issuer URL](#configure-issuer) of the authorization server that is used to discover endpoints such as `jwks_uri` and others (https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). +| `auth_oauth2.issuer` | The [issuer URL](#configure-issuer) of the authorization server. It is used to build the discovery endpoint url to discover other endpoints such as such as `jwks_uri`. And this issuer URL is also the URL where to send RabbitMQ management users to login and get a token. | `auth_oauth2.jwks_url` | The URL of the [JWKS endpoint](#jwks-endpoint). According to the [JWT Specification](https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.2), the endpoint URL must be https. | `auth_oauth2.token_endpoint` | The URL of the OAuth 2.0 token endpoint. | `auth_oauth2.https.cacertfile` | Path to a file containing PEM-encoded CA certificates. The CA certificates are used to connect to any of these endpoints: `jwks_url`, `token_endpoint`, or the `issuer`.