|
78 | 78 | # |
79 | 79 | # <type> <value> <description> <options> (provided in query-encoded format) |
80 | 80 | # |
81 | | -# introspect <url> RFC7662 introspection URL introspect.ssl_verify, introspect.auth, introspect.cache, introspect.expiry, introspect.params, type |
| 81 | +# introspect <url> RFC7662 introspection URL introspect.ssl_verify, introspect.auth, introspect.cache, introspect.expiry, introspect.token_param_name, introspect.params, type |
82 | 82 | # jwks_uri <url> JWKS URI that serves the public keys jwks_uri.ssl_verify, jwks_uri.cache, jwks_uri.expiry, type, |
83 | 83 | # verify.iss, verify.exp, verify.iat, verify.iat.slack_before, verify.iat.slack_after |
84 | 84 | # jwk <json> JWK JSON representation of a symmetric kid (overrides kid in JWK), verify.iss, verify.exp, verify.iat, type, |
|
111 | 111 | # default is "default", otherwise must refer to a named cache defined with OAuth2Cache |
112 | 112 | # expiry <number> cache expiry in seconds for access token validation results |
113 | 113 | # introspect.auth <auth> endpoint authentication, see Authentication Options |
| 114 | +# introspect.token_param_name <string> name of the parameter in which the access token is sent, if is not the default "token" |
114 | 115 | # introspect.params <form-encoded-string> form-encoded extra POST parameters sent to the introspectoin endpoint e.g. key1%3Done%26key2%3Dtwo |
115 | 116 | # *.ssl_verify true|false verify the TLS certificate presented on the configured HTTPs URL |
116 | 117 | # *.cache <string> cache backend name for results resolved from a URI |
|
160 | 161 | # authn_header <name> (-) set remote user in authentication header <name> |
161 | 162 | # prefix <string> (OAUTH2_CLAIM_) append prefix to claim names (in headers/envvars) |
162 | 163 | # remote_user_claim <name> (sub) obtain remote user from claim <name> |
| 164 | +# json_payload_claim <name> (-) set the JSON payload in header/envar <prefix><name> |
163 | 165 |
|
164 | 166 | #OAuth2TargetPass <options-in-query-encoded-format> |
0 commit comments