Skip to content

Commit 6e52e30

Browse files
authored
feat: Update OAuth docs with user_info_request.response_map (#360)
1 parent bdabba2 commit 6e52e30

3 files changed

Lines changed: 33 additions & 15 deletions

File tree

examples/code/home/configuration/engine/full_config.1.0.yaml

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -65,10 +65,27 @@ auth:
6565
expires_in: '$.expires_in'
6666
scope: '$.scope'
6767
token_type: '$.token_type'
68+
token_introspection_request: # Optional
69+
endpoint: 'https://example.com/oauth/introspect'
70+
method: POST
71+
params:
72+
token: '{{access_token}}'
73+
auth_method: client_secret_basic # Optional
74+
request_content_type: application/x-www-form-urlencoded # Optional
75+
response_content_type: application/json # Optional
76+
response_map: # Optional
77+
expires_in: '$.data.expires_in'
78+
scope: '$.data.scope'
79+
expiration_format: relative_seconds # or absolute_unix_timestamp
80+
triggers:
81+
on_token_grant: true
82+
on_token_refresh: true
6883
user_info_request: # Optional
6984
endpoint: 'https://example.com/oauth/userinfo'
7085
auth_method: bearer_access_token
7186
response_content_type: application/json
87+
response_map:
88+
custom_property: '$.data.custom_property'
7289
triggers:
7390
on_token_grant: true
7491
on_token_refresh: true

pages/home/auth-providers/oauth2.mdx

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -190,7 +190,7 @@ token_request:
190190
```
191191

192192
- `response_content_type` _(optional, default `application/json`)_: The expected content type of the response. Supported values are `application/json` and `application/x-www-form-urlencoded`.
193-
- `response_map` _(optional)_: A map of keys and values to extract from the response. Supports simple JSONPath expressions. Only applicable if `response_content_type` is `application/json`. See the [JSONPath reference](#jsonpath-expressions-in-response_map) for details on extracting values using JSONPath.
193+
- `response_map` _(optional)_: A map of keys and values to extract from the response. Supported keys are `access_token`, `expires_in`, `refresh_token`, `scope`, and `token_type`. Supports simple JSONPath expressions. Only applicable if `response_content_type` is `application/json`. See the [JSONPath reference](#jsonpath-expressions-in-response_map) for details on extracting values using JSONPath.
194194

195195
#### `refresh_request`
196196

@@ -218,7 +218,7 @@ refresh_request:
218218
```
219219

220220
- `response_content_type` _(optional, default `application/json`)_: The expected content type of the response. Supported values are `application/json` and `application/x-www-form-urlencoded`.
221-
- `response_map` _(optional)_: A map of keys and values to extract from the response. Supports simple JSONPath expressions. Only applicable if `response_content_type` is `application/json`. See the [JSONPath reference](#jsonpath-expressions-in-response_map) for details on extracting values using JSONPath.
221+
- `response_map` _(optional)_: A map of keys and values to extract from the response. Supported keys are `access_token`, `expires_in`, `refresh_token`, `scope`, and `token_type`. Supports simple JSONPath expressions. Only applicable if `response_content_type` is `application/json`. See the [JSONPath reference](#jsonpath-expressions-in-response_map) for details on extracting values using JSONPath.
222222

223223
#### `user_info_request`
224224

@@ -227,6 +227,7 @@ Some OAuth 2.0 APIs provide a user info endpoint that returns information about
227227
- `endpoint`: The user info endpoint for your OAuth 2.0 server, e.g. `/oauth2/userinfo`
228228
- `auth_method` _(optional, default `bearer_access_token`)_: The authentication method to use. The only supported value is `bearer_access_token`.
229229
- `response_content_type` _(optional, default `application/json`)_: The expected content type of the response. The only supported value is `application/json`.
230+
- `response_map` _(optional)_: A map of keys and values to extract from the response. If no `response_map` is provided, the entire response will be extracted verbatim. Supports simple JSONPath expressions. Only applicable if `response_content_type` is `application/json`. See the [JSONPath reference](#jsonpath-expressions-in-response_map) for details on extracting values using JSONPath.
230231
- `triggers`: Controls when the user info request is made.
231232
- `on_token_grant`: If `true`, the user info request will be made when a token is granted. This is typically only once for each user, unless new scopes are granted.
232233
- `on_token_refresh`: If `true`, the user info request will be made every time a token is refreshed.
@@ -272,17 +273,17 @@ auth:
272273
- `auth_method` _(optional, default `client_secret_basic`)_: The authentication method to use for the token introspection request. Supported values are `client_secret_basic` and `bearer_access_token`.
273274
- `request_content_type` _(optional, default `application/x-www-form-urlencoded`)_: The content type of the request body.
274275
- `response_content_type` _(optional, default `application/json`)_: The content type of the response body.
275-
- `response_map` _(required)_: A map of keys and values to extract from the response. Supports simple JSONPath expressions. Supported keys are `access_token`, `expires_in`, `refresh_token`, `scope`, and `token_type`.
276+
- `response_map` _(required)_: A map of keys and values to extract from the response. Supported keys are `expires_in` and `scope`. Supports simple JSONPath expressions.
276277
- `expiration_format` _(optional, default `absolute_unix_timestamp`)_: The format of the expiration time. Supported values are `absolute_unix_timestamp` and `relative_seconds`.
277278
- `triggers` _(required)_: Controls when the token introspection request is made.
278279
- `on_token_grant`: If `true`, the token introspection request will be made when a token is granted. This is typically only once for each user, unless new scopes are granted.
279280
- `on_token_refresh`: If `true`, the token introspection request will be made every time a token is refreshed.
280281

281282
#### JSONPath expressions in `response_map`
282283

283-
In the `token_request` and `refresh_request` sections, you can optionally configure a `response_map`. Configuring a response map is useful if your OAuth 2.0 server returns a JSON object with nested properties, or properties with non-standard names.
284+
In the `token_request`, `refresh_request`, `token_introspection_request`, and `user_info_request` sections, you can specify a `response_map`. Configuring a response map is useful if your OAuth 2.0 server returns a JSON object with nested properties, or properties with non-standard names.
284285

285-
The typical JSON payload that most OAuth 2.0 servers return looks like this:
286+
For example, for the token request, most OAuth 2.0 servers return a JSON payload that looks like this:
286287

287288
```json
288289
{
@@ -293,7 +294,7 @@ The typical JSON payload that most OAuth 2.0 servers return looks like this:
293294
}
294295
```
295296

296-
If your server returns a payload that looks like this, you don't need `response_map`.
297+
If your server returns a payload of this shape, you don't need `response_map`!
297298

298299
But if your server returns:
299300

@@ -308,18 +309,18 @@ But if your server returns:
308309
}
309310
```
310311

311-
Then you need to configure `response_map` to extract the properties from inside the `data` object. Use [JSONPath](https://en.wikipedia.org/wiki/JSONPath) expressions to select the properties you need:
312+
Then you need to configure `response_map` to extract the nested properties from inside the `data` object. Use [JSONPath](https://en.wikipedia.org/wiki/JSONPath) expressions to select the properties you need:
312313

313314
```yaml
314-
token_request: # or refresh_request
315+
token_request:
315316
response_map:
316317
access_token: "$.data.access_token"
317318
expires_in: "$.data.expires_in"
318319
refresh_token: "$.data.refresh_token" # Only needed if refresh tokens are used
319320
scope: "$.data.scope" # Only needed if scopes are used
320321
```
321322

322-
Not all OAuth 2.0 servers support refresh tokens, or use scopes. The only required properties are `access_token` and `expires_in`.
323+
Similarly, for user info or token introspection requests, you can use `response_map` to extract custom properties from the response.
323324

324325
#### Handling scope arrays
325326

@@ -395,7 +396,7 @@ Here's a full example of the YAML configuration for a custom OAuth 2.0 provider:
395396

396397
<ToggleContent showText="Click to view example" hideText="Hide example">
397398

398-
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L8-L71 {11-71}
399+
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L9-L91 {11-83}
399400
400401
```
401402

pages/home/local-deployment/configure/engine.mdx

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@ Two cache implementations are available:
119119
- `in_memory` - _(default)_ An in-memory cache implementation suitable for a single-node Arcade Engine deployment.
120120
- `redis` - A Redis cache implementation suitable for a multi-node Arcade Engine deployment:
121121

122-
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L76-L81 {3-6}
122+
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L93-L98 {3-6}
123123
124124
```
125125

@@ -129,7 +129,7 @@ The `security` section configures the root encryption keys that the Arcade Engin
129129

130130
A typical configuration looks like this:
131131

132-
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L93-L97
132+
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L110-L116
133133
134134
```
135135

@@ -170,7 +170,7 @@ storage:
170170

171171
- `postgres` - A PostgreSQL database, suitable for production:
172172

173-
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L101-L108
173+
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L118-L125 {2-10}
174174
175175
```
176176

@@ -194,7 +194,7 @@ telemetry:
194194
To connect to OpenTelemetry compatible collectors, set the necessary [OpenTelemetry environment variables](https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/) in the `engine.env` file.
195195
`environment` and `version` are fields that are added to the telemetry attributes, which can be filtered on later.
196196

197-
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L110-L114
197+
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L127-L131
198198
199199
```
200200

@@ -210,7 +210,7 @@ Arcade Engine orchestrates [tools](/home/use-tools/tools-overview) that AI model
210210

211211
The `tools.directors` section configures the workers that are available to service tool calls:
212212

213-
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L116-L128 {6-13}
213+
```yaml file=<rootDir>/examples/code/home/configuration/engine/full_config.1.0.yaml#L133-L146 {3-13}
214214
215215
```
216216

0 commit comments

Comments
 (0)