Updated docs with nonce usage
parent
857f921d76
commit
9bca127631
|
@ -39,9 +39,16 @@ If a matching role is not found, login fails.`,
|
||||||
|
|
||||||
"nonce": &framework.FieldSchema{
|
"nonce": &framework.FieldSchema{
|
||||||
Type: framework.TypeString,
|
Type: framework.TypeString,
|
||||||
Description: `The nonce created by a client of this backend. When 'disallow_reauthentication'
|
Description: `The nonce to be used for subsequent login requests.
|
||||||
option is enabled on either the role or the role tag, then nonce parameter is
|
If this parameter is not specified at all and if reauthentication is allowed,
|
||||||
optional. It is a required parameter otherwise.`,
|
then the backend will generate a random nonce, attaches it to the instance's
|
||||||
|
identity-whitelist entry and returns the nonce back as part of auth metadata.
|
||||||
|
This value should be used with further login requests, to establish client
|
||||||
|
authenticity. Clients can choose to set a custom nonce if preferred, in which
|
||||||
|
case, it is recommended that clients provide a strong nonce. If a nonce is
|
||||||
|
provided but with an empty value, it indicates intent to disable
|
||||||
|
reauthentication. Note that, when `disallow_reauthentication` option is enabled
|
||||||
|
on either the role or the role tag, the `nonce` holds no significance.`,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
|
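Review bot: The new Description value is a backtick-delimited Go raw string, but its last two added lines wrap disallow_reauthentication and nonce in backticks. A raw string literal ends at the first backtick it meets, so the literal closes early at "Note that, when" and the file will not compile. The removed text quoted the option as 'disallow_reauthentication' with single quotes; keep that quoting for both names here. In the same string, "will generate a random nonce, attaches it" should read "attach it" so the verbs agree.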
@ -1133,12 +1133,16 @@ in its identity document to match the one specified by this parameter.
|
||||||
<li>
|
<li>
|
||||||
<span class="param">nonce</span>
|
<span class="param">nonce</span>
|
||||||
<span class="param-flags">optional</span>
|
<span class="param-flags">optional</span>
|
||||||
The `nonce` to be used for reauthentication requests. By default, the backend
|
The nonce to be used for subsequent login requests. If this parameter is not
|
||||||
generates a `nonce` if it is not supplied and returns it as part of auth `metadata`.
|
specified at all and if reauthentication is allowed, then the backend will
|
||||||
If a custom nonce is desired, this field can be supplied during the first login
|
generate a random nonce, attaches it to the instance's identity-whitelist entry
|
||||||
attempt. Usage of strong `nonce` value is recommended. Note that, when
|
and returns the nonce back as part of auth metadata. This value should be used
|
||||||
`disallow_reauthentication` option is enabled on either the role or the role
|
with further login requests, to establish client authenticity. Clients can
|
||||||
tag, the `nonce` holds no significance.
|
choose to set a custom nonce if preferred, in which case, it is recommended
|
||||||
|
that clients provide a strong nonce. If a nonce is provided but with an empty
|
||||||
|
value, it indicates intent to disable reauthentication. Note that, when
|
||||||
|
`disallow_reauthentication` option is enabled on either the role or the role
|
||||||
|
tag, the `nonce` holds no significance.
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</dd>
|
</dd>
|
||||||
|
|
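Review bot: The added sentence "If a nonce is provided but with an empty value, it indicates intent to disable reauthentication" gives an omitted parameter and an empty one opposite meanings, yet it sits in the middle of a paragraph where it is easy to miss. Consider listing the three cases separately (parameter omitted, parameter present but empty, custom value supplied) so that a client that always sends the field does not turn reauthentication off by accident. The removed text also said a custom nonce can be supplied "during the first login attempt"; the replacement no longer says when a custom value is accepted, so restore that if it still holds. As in the first hunk, "will generate a random nonce, attaches it" should read "attach it".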