From 527cb52be50774b5cc605f58f11bbe6e22ff01c9 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 23 Oct 2025 17:11:17 +0000
Subject: [PATCH] Update ToolHive reference docs for v0.4.2
---
 docs/toolhive/reference/cli/thv_run.md | 1 +
 static/api-specs/toolhive-api.yaml | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/docs/toolhive/reference/cli/thv_run.md b/docs/toolhive/reference/cli/thv_run.md
index a714977..84c1004 100644
--- a/docs/toolhive/reference/cli/thv_run.md
+++ b/docs/toolhive/reference/cli/thv_run.md
@@ -110,6 +110,7 @@ thv run [flags] SERVER_OR_IMAGE_OR_PROTOCOL [-- ARGS...]
 --oidc-audience string Expected audience for the token
 --oidc-client-id string OIDC client ID
 --oidc-client-secret string OIDC client secret (optional, for introspection)
+ --oidc-insecure-allow-http Allow HTTP (non-HTTPS) OIDC issuers for local development/testing (WARNING: Insecure!)
 --oidc-introspection-url string URL for token introspection endpoint
 --oidc-issuer string OIDC issuer URL (e.g., https://accounts.google.com)
 --oidc-jwks-url string URL to fetch the JWKS from
diff --git a/static/api-specs/toolhive-api.yaml b/static/api-specs/toolhive-api.yaml
index 1d7a4ab..3e07926 100644
--- a/static/api-specs/toolhive-api.yaml
+++ b/static/api-specs/toolhive-api.yaml
@@ -61,6 +61,11 @@ components:
 clientSecret:
 description: ClientSecret is the optional OIDC client secret for introspection
 type: string
+ insecureAllowHTTP:
+ description: |-
+ InsecureAllowHTTP allows HTTP (non-HTTPS) OIDC issuers for development/testing
+ WARNING: This is insecure and should NEVER be used in production
+ type: boolean
 introspectionURL:
 description: IntrospectionURL is the optional introspection endpoint for validating tokens