From f604a3e87aa13c3b2bfd99948f300fbf7f3d6da2 Mon Sep 17 00:00:00 2001 From: bobby <1544881+desimone@users.noreply.github.com> Date: Thu, 12 Nov 2020 14:44:00 -0800 Subject: [PATCH] docs: use standard langauge for lists (#1590) Signed-off-by: Bobby DeSimone --- docs/reference/readme.md | 14 ++++++++++---- examples/config/config.example.env | 2 -- examples/config/config.example.yaml | 2 -- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/reference/readme.md b/docs/reference/readme.md index 4818691c8..a9b176601 100644 --- a/docs/reference/readme.md +++ b/docs/reference/readme.md @@ -655,7 +655,7 @@ See [identity provider] for details. ### Identity Provider Scopes - Environmental Variable: `IDP_SCOPES` - Config File Key: `idp_scopes` -- Type: `[]string` comma separated list of oauth scopes. +- Type: list of `strings` - Default: `oidc`,`profile`, `email`, `offline_access` (typically) - Optional for built-in identity providers. @@ -667,6 +667,12 @@ If you are using a built-in provider, you probably don't want to set customized ::: +:::warning + +Some providers, like Amazon Cognito, _do not_ support the `offline_access` scope. + +::: + ### Identity Provider Service Account - Environmental Variable: `IDP_SERVICE_ACCOUNT` @@ -953,7 +959,7 @@ A list of policy configuration variables follows. ### Allowed Domains - `yaml`/`json` setting: `allowed_domains` -- Type: collection of `strings` +- Type: list of `strings` - Required - Example: `pomerium.io` , `gmail.com` @@ -962,7 +968,7 @@ Allowed domains is a collection of whitelisted domains to authorize for a given ### Allowed Groups - `yaml`/`json` setting: `allowed_groups` -- Type: collection of `strings` +- Type: list of `strings` - Required - Example: `admins` , `support@company.com` @@ -971,7 +977,7 @@ Allowed groups is a collection of whitelisted groups to authorize for a given ro ### Allowed Users - `yaml`/`json` setting: `allowed_users` -- Type: collection of `strings` +- Type: list of `strings` - Required - Example: `alice@pomerium.io` , `bob@contractor.co` diff --git a/examples/config/config.example.env b/examples/config/config.example.env index 7343b2dff..761307305 100644 --- a/examples/config/config.example.env +++ b/examples/config/config.example.env @@ -60,8 +60,6 @@ export IDP_PROVIDER_URL="https://accounts.google.com" # optional for google # export IDP_CLIENT_SECRET="REPLACEME" # export IDP_PROVIDER_URL="https://openid-connect.onelogin.com/oidc" #optional, defaults to `https://openid-connect.onelogin.com/oidc` -# export SCOPE="openid email" # generally, you want the default OIDC scopes - # Proxied routes and per-route policies are defined in a policy provided either # directly as a base64 encoded yaml/json file, or as the policy key in the configuration # file diff --git a/examples/config/config.example.yaml b/examples/config/config.example.yaml index aae6fa79e..45fe53f0b 100644 --- a/examples/config/config.example.yaml +++ b/examples/config/config.example.yaml @@ -70,8 +70,6 @@ authenticate_service_url: https://authenticate.corp.beyondperimeter.com # idp_client_secret: "REPLACEME" # idp_provider_url: "https://openid-connect.onelogin.com/oidc" #optional, defaults to `https://openid-connect.onelogin.com/oidc` -# scope: "openid email" # generally, you want the default OIDC scopes - # For Group data you must set an IDP_SERVICE_ACCOUNT # idp_service_account: YOUR_SERVICE_ACCOUNT