diff --git a/docs/integrations/amazon/oauth.mdx b/docs/integrations/amazon/oauth.mdx index a026254a90..4cba61825a 100644 --- a/docs/integrations/amazon/oauth.mdx +++ b/docs/integrations/amazon/oauth.mdx @@ -2,7 +2,8 @@ description: Authenticate users with Amazon OAuth --- -import ConfigExample from "/src/components/ConfigExample.tsx"; +import Amazon from "/traffic-policy/actions/oauth/examples/custom-amazon-example.mdx"; +import Email from "/traffic-policy/actions/oauth/examples/restrict-by-email-example.mdx"; # Amazon OAuth @@ -26,57 +27,18 @@ The step-by-step instructions below follow Amazon's documentation on [Register f 5. On the **Security Profile** page, click **Edit**, enter `https://idp.ngrok.com/oauth2/callback` in the **Allowed Return URLs** field, and then click **Save**. ![](/img/howto/oauth/2-amazon-register.png) -### Update your ngrok endpoint configuration +### Update your ngrok endpoint traffic policy 1. Access the [ngrok Dashboard Endpoints page](https://dashboard.ngrok.com/endpoints?sortBy=createdAt&orderBy=desc) and locate an existing endpoint you'd like to add this to or create a new one. 2. In your traffic policy, add the following configuration: - + 3. Click **Save** to validate and update your traffic policy. 4. Optionally, configure access control to your service by only allowing specific users or domains. - + ### Additional application setup information diff --git a/docs/integrations/facebook/oauth.mdx b/docs/integrations/facebook/oauth.mdx index 4595f0b832..31b432118b 100644 --- a/docs/integrations/facebook/oauth.mdx +++ b/docs/integrations/facebook/oauth.mdx @@ -2,6 +2,9 @@ description: Authenticate users via Facebook OAuth --- +import Facebook from "/traffic-policy/actions/oauth/examples/custom-facebook-example.mdx"; +import Email from "/traffic-policy/actions/oauth/examples/restrict-by-email-example.mdx"; + # Facebook OAuth ## Creating a custom Facebook application 
@@ -35,15 +38,23 @@ For additional assistance, see the [Facebook app registration](https://developer 15. Select the toggle for "In development" at the top of the page and confirm switching to live mode. 16. Your application should now show as live: ![](/img/howto/oauth/6-facebook-live.png) -### Update your endpoint configuration +### Update your ngrok Endpoint Traffic Policy + +1. Access the [ngrok Dashboard Endpoints page](https://dashboard.ngrok.com/endpoints?sortBy=createdAt&orderBy=desc) and locate an existing endpoint you'd like to add this to or create a new one. +2. In your traffic policy, add the following configuration: + + + +A Note about Scopes: You may add [any scopes](https://developers.facebook.com/docs/apps/review/login-permissions) that are required by your application with the following caveats. + +- Scopes which require a Facebook [app review](https://developers.facebook.com/docs/apps/review/#app-review) are unsupported. +- ngrok will enforce that users [accept all permissions](https://developers.facebook.com/docs/facebook-login/handling-declined-permissions#reprompt) before completing authorization. + +3. Click **Save** to validate and update your traffic policy. + +4. Optionally, configure access control to your service by only allowing specific users or domains. -1. Return to the ngrok dashboard and create or edit an OAuth edge configuration module. -2. Choose to use your own application with Facebook as the provider. -3. Include the app ID and app secret that were stored earlier. -4. Add [any scopes](https://developers.facebook.com/docs/apps/review/login-permissions) required by your application. - - Scopes which require a Facebook [app review](https://developers.facebook.com/docs/apps/review/#app-review) are unsupported. - - ngrok will enforce that users [accept all permissions](https://developers.facebook.com/docs/facebook-login/handling-declined-permissions#reprompt) before completing authorization. -5. 
Add the `email` scope if it is not already present. + ### Additional application setup information diff --git a/docs/integrations/github/oauth.mdx b/docs/integrations/github/oauth.mdx index 5a89107f8a..8dfd9fcbd7 100644 --- a/docs/integrations/github/oauth.mdx +++ b/docs/integrations/github/oauth.mdx @@ -2,6 +2,9 @@ description: Authenticate users via GitHub OAuth --- +import Github from "/traffic-policy/actions/oauth/examples/custom-github-example.mdx"; +import Name from "/traffic-policy/actions/oauth/examples/restrict-by-name-example.mdx"; + # GitHub OAuth ## Creating a custom GitHub OAuth application 
@@ -10,53 +13,20 @@ description: Authenticate users via GitHub OAuth 2. Set the Authorization callback URL to `https://idp.ngrok.com/oauth2/callback`. 3. Submit the form. A working example registration: ![](/img/howto/oauth/1-github-register.png) 4. Save the client ID and client secret from the application overview: ![](/img/howto/oauth/2-github-client_id_and_secret.png) -5. Return to the ngrok dashboard and create or edit an OAuth endpoint configuration module. You do this by [going to your edges](https://dashboard.ngrok.com/cloud-edge/edges), clicking on the edge that you want to apply OAuth to, and selecting the OAuth tab within edge your routes. From there you will be prompted to begin setup. -6. Choose to use your own application with GitHub as the provider. -7. Include the client ID and secret from earlier. -8. Add any scopes your application requires. - - Include the `read:user` scope (or more permissive, like `user`) for ngrok. -9. Add any team or organization constraints by the their mention handle(s), excluding the `@` prefix. - - For example, the [ngrok](https://github.com/ngrok) organization's mention handle is `@ngrok`, so the organization constraint would be `ngrok`. Similarly, the `@ngrok/developers` team would be matched by the constraint `ngrok/developers`. - - If a constraint is specified, the `read:org` scope is required. A more permissive scope, such as `org`, also works. - - Organizations must allow [third-party access](#using-organization-and-teams) to your app. - -## Additional GitHub headers provided by ngrok - -In addition to the headers set for every OAuth provider, these additional headers are available when using GitHub. - -`ngrok-auth-github-user-id` - -The username of the authorized user. - -`ngrok-auth-github-organization` - -**Only when a team or organization constraint matches:** the [first matching](#header-presence-and-constraint-ordering) GitHub organization's mention handle (e.g "coreutils"). 
- -`ngrok-auth-github-team` - -**Only when a team constraint matches:** the [first matching](#header-presence-and-constraint-ordering) GitHub team mention handle (e.g "coreutils/contributors"). - -## Using Organization and Teams - -To authorize users based on organization or team membership, the organization must allow third party access. There are multiple ways to grant access: -- Organizations may allow unrestricted third-party access from settings. -- Owners can grant access to an application during authorization. -- Members can request access as part of authorization. -- Members can [request access from settings.](https://help.github.com/en/github/setting-up-and-managing-your-github-user-account/requesting-organization-approval-for-oauth-apps) +### Update your ngrok endpoint traffic policy -The ngrok managed application can authorize users based on organization or team. **For organizations concerned about membership privacy, your own application should always be used**. When granting third-party access to the managed application, anyone using the managed application may constrain based on your organization's membership. +1. Access the [ngrok Dashboard Endpoints page](https://dashboard.ngrok.com/endpoints?sortBy=createdAt&orderBy=desc) and locate an existing endpoint you'd like to add this to or create a new one. +2. In your traffic policy, add the following configuration: -## Header presence and constraint ordering + -Organization and team headers are present only when an organization or team constraint matches. For example, an endpoint constrained solely on the `ngrok` organization will always have authorized users with the `ngrok` organization header. An endpoint without any organization or team constraints will receive no organization or team header. +3. Click **Save** to validate and update your traffic policy. -ngrok authorizes against users' first 200 memberships of each constraint in chronological order of the team or organization's creation. 
Headers are filled from the first user data match in order: +4. Optionally, configure access control to your service by only allowing specific users or domains. -1. From any team membership, check the parent organization. -2. Check team membership. -3. Check organization membership. + ## Known Limitations -- Users who utilize GitHub's [private email setting](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address#:~:text=If%20you%27d%20like%20to%20keep%20your%20personal,to%20Keep%20my%20email%20address%20private.) are not able to sign in. +- Users who utilize GitHub's [private email setting](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address#:~:text=If%20you%27d%20like%20to%20keep%20your%20personal,to%20Keep%20my%20email%20address%20private) are not able to sign in. diff --git a/docs/integrations/gitlab/oauth.mdx b/docs/integrations/gitlab/oauth.mdx index 5bae02dc08..188b7b5a98 100644 --- a/docs/integrations/gitlab/oauth.mdx +++ b/docs/integrations/gitlab/oauth.mdx @@ -2,6 +2,9 @@ description: Authenticate users via GitLab OAuth --- +import Gitlab from "/traffic-policy/actions/oauth/examples/custom-gitlab-example.mdx"; +import Email from "/traffic-policy/actions/oauth/examples/restrict-by-email-example.mdx"; + # GitLab ## Configure GitLab OAuth with ngrok 
@@ -22,13 +25,18 @@ The step-by-step instructions below follow GitLab's documentation on [setting up ![](/img/howto/oauth/2-gitlab-scopes.png) -### Update your ngrok edge configuration +### Update your ngrok endpoint traffic policy + +1. Access the [ngrok Dashboard Endpoints page](https://dashboard.ngrok.com/endpoints?sortBy=createdAt&orderBy=desc) and locate an existing endpoint you'd like to add this to or create a new one. +2. In your traffic policy, add the following configuration: + + -1. Access the [ngrok Dashboard](https://dashboard.ngrok.com/), sign in, create or edit an edge, and click **OAuth** to enable the OAuth configuration. +3. Click **Save** to validate and update your traffic policy. -2. Select **GitLab** in the **Identity Provider** selector and then enter the **Client ID** and **Client Secret** values you copied previously in the corresponding fields. +4. Optionally, configure access control to your service by only allowing specific users or domains. -3. Click **Save**. + ### Additional application setup information diff --git a/docs/integrations/google/oauth.mdx b/docs/integrations/google/oauth.mdx index 89adc53f26..2556bdf8ae 100644 --- a/docs/integrations/google/oauth.mdx +++ b/docs/integrations/google/oauth.mdx @@ -2,6 +2,9 @@ description: Authenticate users with Google OAuth --- +import Google from "/traffic-policy/actions/oauth/examples/custom-google-example.mdx"; +import Email from "/traffic-policy/actions/oauth/examples/restrict-by-email-example.mdx"; + # Google OAuth ## Creating a custom Google OAuth application 
@@ -31,14 +34,18 @@ Step-by-step instructions below follow Google's documentation on [setting up OAu 4. Name your secret, then set "Authorized Redirect URIs" to `https://idp.ngrok.com/oauth2/callback`. The final credentials form should resemble: ![](/img/howto/oauth/2-google-create_client_id.png) 5. Securely store the client ID and secret from the final screen: ![](/img/howto/oauth/3-google-client_id_and_secret.png) -### Update your endpoint configuration +### Update your ngrok endpoint traffic policy + +1. Access the [ngrok Dashboard Endpoints page](https://dashboard.ngrok.com/endpoints?sortBy=createdAt&orderBy=desc) and locate an existing endpoint you'd like to add this to or create a new one. +2. In your traffic policy, add the following configuration: + + + +3. Click **Save** to validate and update your traffic policy. + +4. Optionally, configure access control to your service by only allowing specific users or domains. -1. Return to the ngrok dashboard and create or edit an OAuth endpoint configuration module for your edge. -2. Choose to use your own application with Google as the provider. -3. Include the client ID, secret, and scopes configured in your application. -4. Add the following scopes to your application if they are not already present: - - `https://www.googleapis.com/auth/userinfo.profile` - - `https://www.googleapis.com/auth/userinfo.email` + ### Additional application setup information diff --git a/docs/integrations/linkedin/oauth.mdx b/docs/integrations/linkedin/oauth.mdx index 1067420db5..e2cd07f1ab 100644 --- a/docs/integrations/linkedin/oauth.mdx +++ b/docs/integrations/linkedin/oauth.mdx @@ -2,6 +2,9 @@ description: Authenticate users with LinkedIn OAuth --- +import Linkedin from "/traffic-policy/actions/oauth/examples/custom-linkedin-example.mdx"; +import Email from "/traffic-policy/actions/oauth/examples/restrict-by-email-example.mdx"; + # LinkedIn ## Creating a custom LinkedIn OAuth application 
@@ -24,17 +27,18 @@ The step-by-step instructions below follow LinkedIn's documentation on [setting ![](/img/howto/oauth/2-linkedin-add-products.png) -### Update your endpoint configuration +### Update your ngrok endpoint traffic policy -1. Access the [ngrok Dashboard](https://dashboard.ngrok.com/), sign in, create or edit an edge, and click **OAuth** to enable the OAuth configuration. +1. Access the [ngrok Dashboard Endpoints page](https://dashboard.ngrok.com/endpoints?sortBy=createdAt&orderBy=desc) and locate an existing endpoint you'd like to add this to or create a new one. +2. In your traffic policy, add the following configuration: -2. Select **LinkedIn** in the **Identity Provider** selector, and select **Use my own OAuth application** in the **OAuth Application** field. + - **Note**: Alternatively, you can select **Use an ngrok-managed OAuth application**. If so, there is no need to create an application in the LinkedIn developer portal. +3. Click **Save** to validate and update your traffic policy. -3. Enter the **Client ID** and **Client Secret** values you copied previously in the corresponding fields and then click **Save** to save the edge configuration. +4. Optionally, configure access control to your service by only allowing specific users or domains. -4. Access your application using the link provided by the **Endpoints** URL of your edge. + ### Additional application setup information diff --git a/docs/integrations/microsoft/oauth.mdx b/docs/integrations/microsoft/oauth.mdx index 1f7ab76833..864f6973d8 100644 --- a/docs/integrations/microsoft/oauth.mdx +++ b/docs/integrations/microsoft/oauth.mdx @@ -2,6 +2,9 @@ description: Authenticate users with Azure AD OAuth --- +import Microsoft from "/traffic-policy/actions/oauth/examples/custom-microsoft-example.mdx"; +import Email from "/traffic-policy/actions/oauth/examples/restrict-by-email-example.mdx"; + # Microsoft OAuth ## Creating a custom Microsoft OAuth application 
@@ -34,11 +37,18 @@ Step-by-step instructions below closely follow [Microsoft documentation](https:/ 7. Select "New Client Secret" at the bottom, name the secret, set an expiration, and hit create. 8. Creation is asynchronous. When complete, save the secret from the "Value" column (blurred below) for later: ![](/img/howto/oauth/4-microsoft-client_secret.png) -### Update your endpoint configuration +### Update your ngrok endpoint traffic policy + +1. Access the [ngrok Dashboard Endpoints page](https://dashboard.ngrok.com/endpoints?sortBy=createdAt&orderBy=desc) and locate an existing endpoint you'd like to add this to or create a new one. +2. In your traffic policy, add the following configuration: + + + +3. Click **Save** to validate and update your traffic policy. + +4. Optionally, configure access control to your service by only allowing specific users or domains. -1. Return to the ngrok dashboard and create or edit an OAuth endpoint configuration module. -2. Choose to use your own application with Microsoft as the provider. -3. Include the scopes, client ID, and client secret for your application. + ### Additional application setup information diff --git a/docs/integrations/twitch/oauth.mdx b/docs/integrations/twitch/oauth.mdx index 63cd05868e..19b323ab0f 100644 --- a/docs/integrations/twitch/oauth.mdx +++ b/docs/integrations/twitch/oauth.mdx @@ -2,6 +2,9 @@ description: Authenticate users with Twitch OAuth --- +import Twitch from "/traffic-policy/actions/oauth/examples/custom-twitch-example.mdx"; +import Email from "/traffic-policy/actions/oauth/examples/restrict-by-email-example.mdx"; + # Twitch ## Creating a custom Twitch OAuth application 
@@ -22,17 +25,18 @@ The step-by-step instructions below follow Twitch's documentation on [Using OAut ![](/img/howto/oauth/1-twitch-register.png) -### Update your endpoint configuration +### Update your ngrok endpoint traffic policy -1. Access the [ngrok Dashboard](https://dashboard.ngrok.com/), sign in, create or edit an edge, and click **OAuth** to enable the OAuth configuration. +1. Access the [ngrok Dashboard Endpoints page](https://dashboard.ngrok.com/endpoints?sortBy=createdAt&orderBy=desc) and locate an existing endpoint you'd like to add this to or create a new one. +2. In your traffic policy, add the following configuration: -2. Select **Twitch** in the **Identity Provider** selector, and select **Use my own OAuth application** in the **OAuth Application** field. + - **Note**: Alternatively, you can select **Use an ngrok-managed OAuth application**. If so, there is no need to create an application in the Twitch developer console. +3. Click **Save** to validate and update your traffic policy. -3. Enter the **Client ID** and **Client Secret** values you copied previously in the corresponding fields and then click **Save** to save the edge configuration. +4. Optionally, configure access control to your service by only allowing specific users or domains. -4. Access your application using the link provided by the **Endpoints** URL of your edge. + ### Additional application setup information diff --git a/docs/traffic-policy/actions/oidc.mdx b/docs/traffic-policy/actions/oidc.mdx index 4f8bf28f6f..c83bca2549 100644 --- a/docs/traffic-policy/actions/oidc.mdx +++ b/docs/traffic-policy/actions/oidc.mdx 
@@ -2,6 +2,7 @@ import ActionBehavior from "/traffic-policy/actions/oidc/behavior.mdx"; import ActionConfig from "/traffic-policy/actions/oidc/config.mdx"; import ActionExamples from "/traffic-policy/actions/oidc/examples/index.mdx"; import ActionOverview from "/traffic-policy/actions/oidc/index.mdx"; +import Pricing from "/traffic-policy/actions/oidc/pricing.mdx"; import ActionVariables from "/traffic-policy/actions/oidc/variables.mdx"; import ActionVariablesDescription from "/traffic-policy/common/action-variables-description.mdx"; @@ -16,3 +17,5 @@ import ActionVariablesDescription from "/traffic-policy/common/action-variables- + + diff --git a/docs/traffic-policy/variables/action.mdx b/docs/traffic-policy/variables/action.mdx index 27c894f4b5..77538a42aa 100644 --- a/docs/traffic-policy/variables/action.mdx +++ b/docs/traffic-policy/variables/action.mdx @@ -9,6 +9,8 @@ import BasicAuth from "/traffic-policy/actions/basic-auth/variables.mdx"; import CompressResponse from "/traffic-policy/actions/compress-response/variables.mdx"; import JwtValidation from "/traffic-policy/actions/jwt-validation/variables.mdx"; import Log from "/traffic-policy/actions/log/variables.mdx"; +import OAuth from "/traffic-policy/actions/oauth/variables.mdx"; +import OIDC from "/traffic-policy/actions/oidc/variables.mdx"; import RateLimit from "/traffic-policy/actions/rate-limit/variables.mdx"; import Redirect from "/traffic-policy/actions/redirect/variables.mdx"; import RemoveHeaders from "/traffic-policy/actions/remove-headers/variables.mdx"; @@ -40,6 +42,14 @@ import VerifyWebhook from "/traffic-policy/actions/verify-webhook/variables.mdx" +### OAuth + + + +### OpenID Connect (OIDC) + + + ### Rate Limit diff --git a/traffic-policy/actions/oauth/examples/custom-amazon-example.mdx b/traffic-policy/actions/oauth/examples/custom-amazon-example.mdx new file mode 100644 index 0000000000..7930f17b49 --- /dev/null +++ b/traffic-policy/actions/oauth/examples/custom-amazon-example.mdx 
@@ -0,0 +1,25 @@ +import ConfigExample from "/src/components/ConfigExample.tsx"; + + diff --git a/traffic-policy/actions/oauth/examples/custom-facebook-example.mdx b/traffic-policy/actions/oauth/examples/custom-facebook-example.mdx new file mode 100644 index 0000000000..2102260cdd --- /dev/null +++ b/traffic-policy/actions/oauth/examples/custom-facebook-example.mdx @@ -0,0 +1,25 @@ +import ConfigExample from "/src/components/ConfigExample.tsx"; + + diff --git a/traffic-policy/actions/oauth/examples/custom-github-example.mdx b/traffic-policy/actions/oauth/examples/custom-github-example.mdx new file mode 100644 index 0000000000..1be1d87f91 --- /dev/null +++ b/traffic-policy/actions/oauth/examples/custom-github-example.mdx @@ -0,0 +1,25 @@ +import ConfigExample from "/src/components/ConfigExample.tsx"; + + diff --git a/traffic-policy/actions/oauth/examples/custom-gitlab-example.mdx b/traffic-policy/actions/oauth/examples/custom-gitlab-example.mdx new file mode 100644 index 0000000000..420c79c93a --- /dev/null +++ b/traffic-policy/actions/oauth/examples/custom-gitlab-example.mdx @@ -0,0 +1,25 @@ +import ConfigExample from "/src/components/ConfigExample.tsx"; + + diff --git a/traffic-policy/actions/oauth/examples/custom-google-example.mdx b/traffic-policy/actions/oauth/examples/custom-google-example.mdx new file mode 100644 index 0000000000..34a2c15fac --- /dev/null +++ b/traffic-policy/actions/oauth/examples/custom-google-example.mdx @@ -0,0 +1,28 @@ +import ConfigExample from "/src/components/ConfigExample.tsx"; + + diff --git a/traffic-policy/actions/oauth/examples/custom-linkedin-example.mdx b/traffic-policy/actions/oauth/examples/custom-linkedin-example.mdx new file mode 100644 index 0000000000..b10549de7b --- /dev/null +++ b/traffic-policy/actions/oauth/examples/custom-linkedin-example.mdx @@ -0,0 +1,25 @@ +import ConfigExample from "/src/components/ConfigExample.tsx"; + + 
diff --git a/traffic-policy/actions/oauth/examples/custom-microsoft-example.mdx b/traffic-policy/actions/oauth/examples/custom-microsoft-example.mdx new file mode 100644 index 0000000000..32cccb3a9f --- /dev/null +++ b/traffic-policy/actions/oauth/examples/custom-microsoft-example.mdx @@ -0,0 +1,25 @@ +import ConfigExample from "/src/components/ConfigExample.tsx"; + + diff --git a/traffic-policy/actions/oauth/examples/custom-providers.mdx b/traffic-policy/actions/oauth/examples/custom-providers.mdx index 42f9a77f5c..f9a62ed4e3 100644 --- a/traffic-policy/actions/oauth/examples/custom-providers.mdx +++ b/traffic-policy/actions/oauth/examples/custom-providers.mdx @@ -1,4 +1,12 @@ import ConfigExample from "/src/components/ConfigExample.tsx"; +import Amazon from "./custom-amazon-example.mdx"; +import Facebook from "./custom-facebook-example.mdx"; +import Github from "./custom-github-example.mdx"; +import Gitlab from "./custom-gitlab-example.mdx"; +import Google from "./custom-google-example.mdx"; +import Linkedin from "./custom-linkedin-example.mdx"; +import Microsoft from "./custom-microsoft-example.mdx"; +import Twitch from "./custom-twitch-example.mdx"; ### Using a Custom Provider @@ -7,211 +15,32 @@ can bring your own provider. #### Google Example - + #### GitHub Example - + #### GitLab Example - + #### LinkedIn Example - + #### Microsoft Example - + #### Twitch Example - + #### Amazon Example - + #### Facebook Example - + diff --git a/traffic-policy/actions/oauth/examples/custom-twitch-example.mdx b/traffic-policy/actions/oauth/examples/custom-twitch-example.mdx new file mode 100644 index 0000000000..07f1f7ee82 --- /dev/null +++ b/traffic-policy/actions/oauth/examples/custom-twitch-example.mdx @@ -0,0 +1,25 @@ +import ConfigExample from "/src/components/ConfigExample.tsx"; + + 
diff --git a/traffic-policy/actions/oauth/examples/restrict-by-email-example.mdx b/traffic-policy/actions/oauth/examples/restrict-by-email-example.mdx new file mode 100644 index 0000000000..1ceb1ecd39 --- /dev/null +++ b/traffic-policy/actions/oauth/examples/restrict-by-email-example.mdx @@ -0,0 +1,20 @@ +import ConfigExample from "/src/components/ConfigExample.tsx"; + + diff --git a/traffic-policy/actions/oauth/examples/restrict-by-name-example.mdx b/traffic-policy/actions/oauth/examples/restrict-by-name-example.mdx new file mode 100644 index 0000000000..b2e9bdebfd --- /dev/null +++ b/traffic-policy/actions/oauth/examples/restrict-by-name-example.mdx @@ -0,0 +1,18 @@ +import ConfigExample from "/src/components/ConfigExample.tsx"; + + diff --git a/traffic-policy/actions/oauth/variables.mdx b/traffic-policy/actions/oauth/variables.mdx index 904950b857..9cbff9fca1 100644 --- a/traffic-policy/actions/oauth/variables.mdx +++ b/traffic-policy/actions/oauth/variables.mdx @@ -1,7 +1,5 @@ import { Config, ConfigItem } from "/src/components/ConfigTable.tsx"; -### Action Variables -

Code for an error that occurred during the invocation of an action.

@@ -27,7 +25,7 @@ import { Config, ConfigItem } from "/src/components/ConfigTable.tsx";

Identifier for the authorized user from the provider.

The current Identity session identifier for this request.

diff --git a/traffic-policy/actions/oidc/behavior.mdx b/traffic-policy/actions/oidc/behavior.mdx index dd28374e00..cebb6278d7 100644 --- a/traffic-policy/actions/oidc/behavior.mdx +++ b/traffic-policy/actions/oidc/behavior.mdx @@ -36,13 +36,13 @@ will take the following actions: When an authenticated user makes a request, ngrok will sometimes refresh a user's data from the identity provider (email, name, etc) and re-evaluate -authorization constraints. This refresh is executed as a backchannel request to +authorization constraints. This refresh is executed as a back channel request to the identity provider; it is transparent to the user and they do not go through -a reauthentication flow. +a re-authentication flow. The following circumstances trigger refresh and authorization re-evaluation: -- On a periodic interval defined by the [userinfo_refresh_interval](/docs/traffic-policy/actions/oidc/#configuration-fields) parameter. +- On a periodic interval defined by the [`userinfo_refresh_interval`](/docs/traffic-policy/actions/oidc/#configuration-fields) parameter. - If you update the OIDC configuration of the endpoint by restarting your agent with a new configuration. - If you update the OIDC configuration of the endpoint. diff --git a/traffic-policy/actions/oidc/config.mdx b/traffic-policy/actions/oidc/config.mdx index cbaca9b690..cac10ba97c 100644 --- a/traffic-policy/actions/oidc/config.mdx +++ b/traffic-policy/actions/oidc/config.mdx @@ -100,10 +100,6 @@ When this module is enabled, it populates the following fields in the | `oauth.user.id` | | `oauth.user.name` | -### Pricing - -Identity actions are limited to 2,000 requests with actions applied per month. Additional actions are available in ngrok's pay-as-you-go plan. - ## Try it out Consult the list of [supported providers](#supported-providers) for diff --git a/traffic-policy/actions/oidc/examples/basic-example.mdx b/traffic-policy/actions/oidc/examples/basic-example.mdx index a2dc7754f3..4e02712fe8 100644 
--- a/traffic-policy/actions/oidc/examples/basic-example.mdx +++ b/traffic-policy/actions/oidc/examples/basic-example.mdx @@ -3,7 +3,7 @@ import ConfigExample from "/src/components/ConfigExample.tsx"; ### Using a Managed Provider The following [Traffic Policy](/docs/http/traffic-policy/) -configuration will provide your app with a google authentication step. +configuration will provide your app with an authentication step. - -The `provider` value can be replaced with any of the [Supported Providers](/docs/http/traffic-policy/oauth/#supproted-providers) that have an -a managed app available. diff --git a/traffic-policy/actions/oidc/pricing.mdx b/traffic-policy/actions/oidc/pricing.mdx new file mode 100644 index 0000000000..6648ed1a39 --- /dev/null +++ b/traffic-policy/actions/oidc/pricing.mdx @@ -0,0 +1,3 @@ +### Pricing + +Identity actions are limited to 2,000 requests with actions applied per month. Additional actions are available in ngrok's pay-as-you-go plan. diff --git a/traffic-policy/actions/oidc/variables.mdx b/traffic-policy/actions/oidc/variables.mdx index a069b16a40..5ae99f4e06 100644 --- a/traffic-policy/actions/oidc/variables.mdx +++ b/traffic-policy/actions/oidc/variables.mdx @@ -1,7 +1,5 @@ import { Config, ConfigItem } from "/src/components/ConfigTable.tsx"; -### Action Variables -

Code for an error that occurred during the invocation of an action.
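Review bot: In docs/integrations/github/oauth.mdx (hunk `@@ -10,53 +13,20 @@`), the security-relevant guidance is deleted with no replacement visible in the added lines: the `read:user` and `read:org` scope requirements, the team/organization constraint syntax, the "Using Organization and Teams" section, and the warning that "For organizations concerned about membership privacy, your own application should always be used". If this content now lives in the imported example or on the OAuth action page, link to it from here; otherwise keep at least the scope requirements and the membership-privacy warning on this page. The removed headings also take the `#using-organization-and-teams` and `#header-presence-and-constraint-ordering` anchors with them, so check for inbound links before merging.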
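Review bot: In docs/integrations/facebook/oauth.mdx (hunk `@@ -35,15 +38,23 @@`), the old step "Add the `email` scope if it is not already present." is removed and nothing in the added lines restates it, even though the page now imports the restrict-by-email example for its access-control step. Either keep the `email` requirement in the scopes note or confirm the imported Facebook example sets it. Two smaller points in the same hunk: the "A Note about Scopes" paragraph and its bullets sit unindented between steps 2 and 3, which splits the numbered list, so indent them under step 2; and the heading "Update your ngrok Endpoint Traffic Policy" is title-cased while every other provider page in this patch uses "Update your ngrok endpoint traffic policy".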
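Review bot: In docs/integrations/google/oauth.mdx (hunk `@@ -31,14 +34,18 @@`), the removed step listing the two required scopes, `https://www.googleapis.com/auth/userinfo.profile` and `https://www.googleapis.com/auth/userinfo.email`, has no counterpart in the added lines. A reader who registered a custom application with other scopes no longer learns from this page that these two are needed; add a sentence after step 2 naming them, or state that the imported example already includes them.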
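Review bot: In traffic-policy/actions/oidc/behavior.mdx (hunk `@@ -36,13 +36,13 @@`), the refresh-trigger list edited here still ends with two nearly identical bullets in the unchanged context, "If you update the OIDC configuration of the endpoint by restarting your agent with a new configuration." and "If you update the OIDC configuration of the endpoint."; since this hunk already touches the list, merge them or make the difference between the two cases explicit. On the wording change, "back channel request" would read better as "back-channel request", which matches the hyphenation of "re-authentication" introduced two lines later.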
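Review bot: In traffic-policy/actions/oidc/examples/basic-example.mdx (hunk `@@ -3,7 +3,7 @@`), deleting the sentence about the `provider` value leaves the "Using a Managed Provider" example with no statement of which provider it configures or that the value can be changed. The removed sentence had a broken anchor (`#supproted-providers`) and a stray "an a"; fixing those and keeping the sentence, pointed at the correct supported-providers list, would preserve the guidance instead of dropping it.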