Update docu for 3.1.0 release

README.md

@@ -22,13 +22,13 @@ Please remember to provide a good summary, description as well as steps to repro
 To run Gatekeeper, you can build it using this command:
 
 ```bash
-docker buildx build --platform linux/amd64,linux/arm64 -t quay.io/gogatekeeper/gatekeeper:3.0.2 .
+docker buildx build --platform linux/amd64,linux/arm64 -t quay.io/gogatekeeper/gatekeeper:3.1.0 .
 ```
 
 or you can use aleady existing Docker image by running:
 
 ```bash
-docker run -it --rm quay.io/gogatekeeper/gatekeeper:3.0.2 \
+docker run -it --rm quay.io/gogatekeeper/gatekeeper:3.1.0 \
       --listen 127.0.0.1:8080 \
       --upstream-url http://127.0.0.1:80 \
       --discovery-url https://keycloak.example.com/realms/<REALM_NAME> \

docs/content/_index.md

@@ -230,8 +230,41 @@ If you have roles listed in some custom claim, please see [custom claim matching
 You can use gatekeeper to protect APIs, frontend server applications, frontend client applications.
 Frontend server-side applications can be protected by Authorization Code Flow (also with PKCE), during which several redirection
 steps take place. For protecting APIs you can use Client Credentials Grant to avoid redirections steps
-involved in authorization code flow you have to use `--no-redirects=true`. For frontend applications
-you can use Authorization Code Flow (also with PKCE) with encrypted refresh token cookies enabled, in this case however you have to handle redirections, e.g. at token expiration.
+involved in authorization code flow you have to use `--no-redirects=true`.
+
+From version 3.1.0 gatekeeper also supports both Authorization Code Flow and "API" mode to be configured
+on same gatekeeper, example:
+
+```yaml
+# this configuration enables globally Authorization Code Flow and "API" (no-redirect=true) mode
+# on /api/v1/* and /api/v2*
+no-redirects: false
+resources:
+- uri: /api/v1/*
+  methods:
+    - GET
+  no-redirect: true
+- uri: /api/v2/*
+  methods:
+    - GET
+  no-redirect: true
+```
+
+**IMPORTANT** - This will not work, from technical and backward compatibility reasons, you can override in
+resources only to no-redirect=true:
+
+```yaml
+no-redirects: true
+resources:
+- uri: /myfrontend1
+  methods:
+    - GET
+  no-redirect: false
+- uri: /myfrontend2
+  methods:
+    - GET
+  no-redirect: false
+```
 
 ## Default Deny
 
@@ -481,7 +514,7 @@ in Keycloak, providing granular role controls over issue tokens.
 
 ``` yaml
 - name: gatekeeper
-  image: quay.io/gogatekeeper/gatekeeper:3.0.2
+  image: quay.io/gogatekeeper/gatekeeper:3.1.0
   args:
   - --enable-forwarding=true
   - --forwarding-username=projecta
@@ -508,7 +541,7 @@ Example setup client credentials grant:
 
 ``` yaml
 - name: gatekeeper
-  image: quay.io/gogatekeeper/gatekeeper:3.0.2
+  image: quay.io/gogatekeeper/gatekeeper:3.1.0
   args:
   - --enable-forwarding=true
   - --forwarding-domains=projecta.svc.cluster.local

e2e/k8s/manifest_test_forwardauth.yml

@@ -2626,7 +2626,7 @@ spec:
             - -c
             - "while true;do sleep 10;done"
         - name: proxy
-          image: quay.io/gogatekeeper/gatekeeper:3.0.2
+          image: quay.io/gogatekeeper/gatekeeper:3.1.0
           imagePullPolicy: Never
           args:
             - --client-id=test-client

kube/reverse.yml

@@ -21,7 +21,7 @@ spec:
           secretName: tls
       containers:
         - name: proxy
-          image: quay.io/gogatekeeper/gatekeeper:3.0.2
+          image: quay.io/gogatekeeper/gatekeeper:3.1.0
           imagePullPolicy: Always
           args:
             - --client-id=broker