diff --git a/.schema/config.schema.json b/.schema/config.schema.json index bc1d1476c0..f68a4a902b 100644 --- a/.schema/config.schema.json +++ b/.schema/config.schema.json @@ -874,7 +874,7 @@ }, "access_token": { "type": "string", - "description": "Defines access token type. jwt is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens", + "description": "Defines access token type. jwt is a bad idea, see https://www.ory.sh/docs/oauth2-oidc/jwt-access-token", "enum": ["opaque", "jwt"], "default": "opaque" }, diff --git a/client/client.go b/client/client.go index 52ee86b558..669fc8276f 100644 --- a/client/client.go +++ b/client/client.go @@ -303,7 +303,7 @@ type Client struct { // OAuth 2.0 Access Token Strategy // // AccessTokenStrategy is the strategy used to generate access tokens. - // Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens + // Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/oauth2-oidc/jwt-access-token // Setting the stragegy here overrides the global setting in `strategies.access_token`. AccessTokenStrategy string `json:"access_token_strategy,omitempty" db:"access_token_strategy" faker:"-"` diff --git a/internal/config/config.yaml b/internal/config/config.yaml index 49615d9596..376406d9a6 100644 --- a/internal/config/config.yaml +++ b/internal/config/config.yaml @@ -365,7 +365,7 @@ strategies: # You may use JSON Web Tokens as access tokens. # # But seriously. Don't do that. It's not a great idea and has a ton of caveats and subtle security implications. Read more: - # -> https://www.ory.sh/docs/hydra/advanced#json-web-tokens + # -> https://www.ory.sh/docs/oauth2-oidc/jwt-access-token # # access_token: jwt diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index b0fa5a54ad..50359bd399 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -2624,7 +2624,7 @@ components: OAuth 2.0 Access Token Strategy AccessTokenStrategy is the strategy used to generate access tokens. - Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens + Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/oauth2-oidc/jwt-access-token Setting the stragegy here overrides the global setting in `strategies.access_token`. type: string allowed_cors_origins: diff --git a/internal/httpclient/docs/OAuth2Client.md b/internal/httpclient/docs/OAuth2Client.md index c9285372f9..a7722f1fe1 100644 --- a/internal/httpclient/docs/OAuth2Client.md +++ b/internal/httpclient/docs/OAuth2Client.md @@ -4,7 +4,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**AccessTokenStrategy** | Pointer to **string** | OAuth 2.0 Access Token Strategy AccessTokenStrategy is the strategy used to generate access tokens. Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens Setting the stragegy here overrides the global setting in `strategies.access_token`. | [optional] +**AccessTokenStrategy** | Pointer to **string** | OAuth 2.0 Access Token Strategy AccessTokenStrategy is the strategy used to generate access tokens. Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/oauth2-oidc/jwt-access-token Setting the stragegy here overrides the global setting in `strategies.access_token`. | [optional] **AllowedCorsOrigins** | Pointer to **[]string** | | [optional] **Audience** | Pointer to **[]string** | | [optional] **AuthorizationCodeGrantAccessTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] diff --git a/internal/httpclient/model_o_auth2_client.go b/internal/httpclient/model_o_auth2_client.go index 96fc7da400..309295aa05 100644 --- a/internal/httpclient/model_o_auth2_client.go +++ b/internal/httpclient/model_o_auth2_client.go @@ -21,7 +21,7 @@ var _ MappedNullable = &OAuth2Client{} // OAuth2Client OAuth 2.0 Clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. type OAuth2Client struct { - // OAuth 2.0 Access Token Strategy AccessTokenStrategy is the strategy used to generate access tokens. Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens Setting the stragegy here overrides the global setting in `strategies.access_token`. + // OAuth 2.0 Access Token Strategy AccessTokenStrategy is the strategy used to generate access tokens. Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/oauth2-oidc/jwt-access-token Setting the stragegy here overrides the global setting in `strategies.access_token`. AccessTokenStrategy *string `json:"access_token_strategy,omitempty"` AllowedCorsOrigins []string `json:"allowed_cors_origins,omitempty"` Audience []string `json:"audience,omitempty"` diff --git a/spec/api.json b/spec/api.json index 26ab8b4dfb..495ba853ab 100644 --- a/spec/api.json +++ b/spec/api.json @@ -612,7 +612,7 @@ "description": "OAuth 2.0 Clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are\ngenerated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities.", "properties": { "access_token_strategy": { - "description": "OAuth 2.0 Access Token Strategy\n\nAccessTokenStrategy is the strategy used to generate access tokens.\nValid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens\nSetting the stragegy here overrides the global setting in `strategies.access_token`.", + "description": "OAuth 2.0 Access Token Strategy\n\nAccessTokenStrategy is the strategy used to generate access tokens.\nValid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/oauth2-oidc/jwt-access-token\nSetting the stragegy here overrides the global setting in `strategies.access_token`.", "type": "string" }, "allowed_cors_origins": { diff --git a/spec/config.json b/spec/config.json index 72f81534c6..caa1c81142 100644 --- a/spec/config.json +++ b/spec/config.json @@ -874,7 +874,7 @@ }, "access_token": { "type": "string", - "description": "Defines access token type. jwt is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens", + "description": "Defines access token type. jwt is a bad idea, see https://www.ory.sh/docs/oauth2-oidc/jwt-access-token", "enum": ["opaque", "jwt"], "default": "opaque" }, diff --git a/spec/swagger.json b/spec/swagger.json index 734ff1e4b9..748e775021 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -2632,7 +2632,7 @@ "title": "OAuth 2.0 Client", "properties": { "access_token_strategy": { - "description": "OAuth 2.0 Access Token Strategy\n\nAccessTokenStrategy is the strategy used to generate access tokens.\nValid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens\nSetting the stragegy here overrides the global setting in `strategies.access_token`.", + "description": "OAuth 2.0 Access Token Strategy\n\nAccessTokenStrategy is the strategy used to generate access tokens.\nValid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/oauth2-oidc/jwt-access-token\nSetting the stragegy here overrides the global setting in `strategies.access_token`.", "type": "string" }, "allowed_cors_origins": {