From 9f42596a1d2bc2d580b295b04ceb65c28627c704 Mon Sep 17 00:00:00 2001 From: Marlin Cremers Date: Wed, 6 Jul 2022 14:46:05 +0200 Subject: [PATCH] docs(bearer_token): add information about auth_scheme and HTTP 406 --- docs/oathkeeper/pipeline/authn.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/oathkeeper/pipeline/authn.md b/docs/oathkeeper/pipeline/authn.md index 7044dc7dd..87496584b 100644 --- a/docs/oathkeeper/pipeline/authn.md +++ b/docs/oathkeeper/pipeline/authn.md @@ -339,7 +339,8 @@ The request isn't authorized because the provided credentials are invalid. The `bearer_token` authenticator will forward the request method, path and headers to a session store. If the session store returns `200 OK` and body `{ "subject": "...", "extra": {} }` then the authenticator will set the subject appropriately. Please -note that Gzipped responses from `check_session_url` are not supported, and will fail silently. +note that Gzipped responses from `check_session_url` are not supported, and will fail silently. You can return `HTTP 406` +to skip to the next authentication method. ### `bearer_token` Configuration @@ -357,6 +358,8 @@ note that Gzipped responses from `check_session_url` are not supported, and will pointing to the `sub` field. This defaults to `sub`. Example: `identity.id` for `{ "identity": { "id": "1234" } }`. - `token_from` (object, optional) - The location of the bearer token. If not configured, the token will be received from a default location - 'Authorization' header. One and only one location (header, query, or cookie) must be specified. + - `auth_scheme` (string, optional, one of) - The auth scheme (case insensitive) that must prefix the token for request + authentication when the header is set to `Authorization`. This defaults to `Bearer` for. It can only be set along with `header``. - `header` (string, required, one of) - The header (case insensitive) that must contain a Bearer token for request authentication. It can't be set along with `query_parameter` or `cookie`. - `query_parameter` (string, required, one of) - The query parameter (case sensitive) that must contain a Bearer token for