From 46059eef85da7d0aa3928f1ca51573ec2646b3aa Mon Sep 17 00:00:00 2001 From: Parker Holladay Date: Fri, 8 Sep 2023 12:33:05 -0600 Subject: [PATCH] docs: fix auth config and rhai examples - The router config should be `authentication.jwt` rather `authentication.router.jwt` - In Rhai, it is `request[.subgraph].body.extensions`, the examples were missing the `.body` - Fix link to rhai example for forwarding headers --- docs/source/configuration/authn-jwt.mdx | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/docs/source/configuration/authn-jwt.mdx b/docs/source/configuration/authn-jwt.mdx index 149be310177..1322c34fa75 100644 --- a/docs/source/configuration/authn-jwt.mdx +++ b/docs/source/configuration/authn-jwt.mdx @@ -43,15 +43,14 @@ You enable JWT authentication for your router with the following steps: ```yaml title="router.yaml" authentication: - router: - jwt: - jwks: # This key is required. + jwt: + jwks: # This key is required. - url: https://dev-zzp5enui.us.auth0.com/.well-known/jwks.json issuer: - # These keys are optional. Default values are shown. - header_name: Authorization - header_value_prefix: Bearer + # These keys are optional. Default values are shown. + header_name: Authorization + header_value_prefix: Bearer ``` These options are documented [below](#configuration-options). @@ -204,7 +203,7 @@ fn process_request(request) { status: 401 }; } - request.subgraph.extensions["claims"] = claims; + request.subgraph.body.extensions["claims"] = claims; } ``` @@ -280,10 +279,9 @@ For example, if you use this [router configuration](./overview#yaml-config-file) ```yaml title="router.yaml" authentication: - router: - jwt: - jwks: - - url: "file:///etc/router/jwks.json" + jwt: + jwks: + - url: "file:///etc/router/jwks.json" coprocessor: url: http://127.0.0.1:8081 @@ -650,7 +648,7 @@ This matching strategy is necessary because some identity providers (IdPs) don't ## Forwarding JWTs to subgraphs -Because the Apollo Router handles validating incoming JWTs, you rarely need to pass those JWTs to individual subgraphs in their entirety. Instead, you usually want to [pass JWT _claims_ to subgraphs](#example-forwarding-claims-to-subgraphs) to enable fine-grained access control. +Because the Apollo Router handles validating incoming JWTs, you rarely need to pass those JWTs to individual subgraphs in their entirety. Instead, you usually want to [pass JWT _claims_ to subgraphs](#example-forwarding-claims-to-subgraphs-as-headers) to enable fine-grained access control. If you _do_ need to pass entire JWTs to subgraphs, you can do so via the Apollo Router's general-purpose [HTTP header propagation settings](./header-propagation).