diff --git a/UPGRADE.md b/UPGRADE.md
index 89d899a2c..6e5aba9ec 100644
--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -18,6 +18,11 @@ before finalizing the upgrade process.
 ## 1.0.0-beta.9
+### Refresh Configuration
+
+Environment variable `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_REFRESH_INTERVAL` is now called
+`CREDENTIALS_ISSUER_ID_TOKEN_JWK_REFRESH_INTERVAL`.
+
 ### Scope Matching
 Previously, `fosite.WildcardScopeStrategy` was used to validate OAuth 2.0 Scope. This is now configurable
diff --git a/cmd/helper_messages.go b/cmd/helper_messages.go
index b37aaf6b0..33e5a542e 100644
--- a/cmd/helper_messages.go
+++ b/cmd/helper_messages.go
@@ -108,6 +108,13 @@ var credentialsIssuer = `CREDENTIALS ISSUERS
 Example: CREDENTIALS_ISSUER_ID_TOKEN_ISSUER=http://oathkeeper-url/
 --------------------------------------------------------------
+ - CREDENTIALS_ISSUER_ID_TOKEN_JWK_REFRESH_INTERVAL: This value sets how often ORY Oathkeeper checks if a new
+ key for signing is available. This is only required for strategies that fetch the key from a remote location.
+ Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+ --------------------------------------------------------------
+ Default: CREDENTIALS_ISSUER_ID_TOKEN_JWK_REFRESH_INTERVAL=5m
+ --------------------------------------------------------------
+
 - CREDENTIALS_ISSUER_ID_TOKEN_ALGORITHM: The algorithm to be used for signing the ID Token. Supports HS256 (shared secret), "ORY-HYDRA" (uses ORY Hydra to create, store, and fetch RSA Keys for signing).
 --------------------------------------------------------------
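Review bot: The new help entry for `CREDENTIALS_ISSUER_ID_TOKEN_JWK_REFRESH_INTERVAL` states how often the check runs but not what that means for key rotation. Since a new signing key is only noticed at the next check, the interval is the longest time a replaced key can stay in use, and with the documented default that is five minutes. I would add one sentence to the entry, for example `A key replaced at the remote location is picked up after at most this interval; use a shorter value if rotation has to take effect quickly.` The entry sits inside the `credentialsIssuer` raw string, which starts and ends outside this hunk.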
@@ -133,12 +140,6 @@ var credentialsIssuer = `CREDENTIALS ISSUERS
 --------------------------------------------------------------
 Example: CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL=http://hydra-url/
- - CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_REFRESH_INTERVAL: This value sets how often ORY Oathkeeper checks if a new
- key for signing is available at ORY Hydra. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
- --------------------------------------------------------------
- Default: CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_REFRESH_INTERVAL=5m
- --------------------------------------------------------------
-
 - CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_JWK_SET_ID: The JSON Web Key set identifier that will be used to create, store, and retrieve the JSON Web Key from ORY Hydra.
 --------------------------------------------------------------
diff --git a/cmd/root.go b/cmd/root.go
index 485499db0..b4febd0fd 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -83,7 +83,7 @@ func initConfig() {
 viper.SetDefault("PORT", "4455")
 viper.SetDefault("RULES_REFRESH_INTERVAL", "5s")
- viper.SetDefault("CREDENTIALS_ISSUER_ID_TOKEN_JWK_REFRESH_INTERVAL", "5s")
+ viper.SetDefault("CREDENTIALS_ISSUER_ID_TOKEN_JWK_REFRESH_INTERVAL", "5m")
 viper.SetDefault("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_JWK_SET_ID", "oathkeeper:id-token")
 viper.SetDefault("CREDENTIALS_ISSUER_ID_TOKEN_ALGORITHM", "HS256")
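Review bot: The default on the changed `viper.SetDefault` line goes from `5s` to `5m` with no comment, so every deployment that relies on the default now looks for a new signing key sixty times less often. If this value bounds how long a replaced key stays in use (the code that consumes it is outside the hunk), that window grows to five minutes; a short comment above the line would record the choice, e.g. `// Signing keys are re-fetched every 5m by default; a rotated key is adopted within that window.` The renamed variable also has no fallback in the visible lines, so a deployment still setting `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_REFRESH_INTERVAL` would silently get the default; a startup warning guarded by `viper.IsSet("CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_REFRESH_INTERVAL")` would surface that. `initConfig` begins and ends outside the hunk.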