diff --git a/docs/oathkeeper/pipeline/authn.md b/docs/oathkeeper/pipeline/authn.md index c48a9c48c..beee9596d 100644 --- a/docs/oathkeeper/pipeline/authn.md +++ b/docs/oathkeeper/pipeline/authn.md @@ -440,14 +440,19 @@ was granted the requested scope. 2.0 Client Credentials Grant will be performed. - `token_from` (object, optional) - The location of the bearer token. If not configured, the token will be received from a default location - - 'Authorization' header. One and only one location (header or query) must be + 'Authorization' header. One and only one location (header, query, or cookie) must be specified. - `header` (string, required, one of) - The header (case insensitive) that must contain a Bearer token for request authentication. It can't be set - along with query_parameter. + along with `query_parameter` or `cookie`. - `query_parameter` (string, required, one of) - The query parameter (case sensitive) that must contain a Bearer token for request authentication. It - can't be set along with header. + can't be set along with `header` or `cookie`. + - `cookie` (string, required, one of) - The cookie (case sensitive) + that must contain a Bearer token for request authentication. It + can't be set along with `header` or `query_parameter` +- `introspection_request_headers` (object, optional) - Additional headers + to add to the introspection request ```yaml # Global configuration file oathkeeper.yml @@ -473,6 +478,10 @@ authenticators: header: Custom-Authorization-Header # or # query_parameter: auth-token + # or + # cookie: auth-token + introspection_request_headers: + x-forwarded-proto: https ``` ```yaml @@ -499,6 +508,11 @@ authenticators: query_parameter: auth-token # or # header: Custom-Authorization-Header + # or + # cookie: auth-token + introspection_request_headers: + x-forwarded-proto: https + x-foo: bar ``` ### Access Rule Example
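Review bot: In the first hunk (@@ -440,14 +440,19), the new `introspection_request_headers` bullet says only "Additional headers to add to the introspection request" and leaves out the value type (the examples suggest a map of string to string) and what happens when a configured name collides with a header the introspection request already carries. Please document both. The new `cookie` bullet would also benefit from a sentence noting that browsers attach cookies automatically, so rules that read the token from a cookie need to account for cross-site requests. Minor: both added bullets end without a period, unlike the `header` and `query_parameter` bullets, and the summary line says "(header, query, or cookie)" where the key is `query_parameter`.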
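Review bot: In the second hunk (@@ -473,6 +478,10), `introspection_request_headers:` directly follows the commented-out `# cookie: auth-token` alternative, so it reads as one more option under `token_from` even though the option list documents it as a separate setting. Separate it with a blank line or place it ahead of `token_from`, and add a short comment saying why `x-forwarded-proto: https` is sent, since the surrounding text never explains that choice.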
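Review bot: In the third hunk (@@ -499,6 +508,11), the example adds `x-foo: bar` while the earlier example sends only `x-forwarded-proto: https`, and nothing explains the difference or what `x-foo` stands for. Keep the two examples consistent, or mark the extra entry with a comment as an arbitrary custom header so readers do not copy it as a required setting.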