diff --git a/README.md b/README.md
index e59b6c4f..9940b698 100644
--- a/README.md
+++ b/README.md
@@ -96,6 +96,13 @@ end
 | jwt_secret_base64 | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the base64-encoded secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. | no | client_options.secret | "bXlzZWNyZXQ=\n" |
 | logout_path | The log out is only triggered when the request path ends on this path | no | '/logout' | '/sign_out' |
 | acr_values | Authentication Class Reference (ACR) values to be passed to the authorize_uri to enforce a specific level, see [RFC9470](https://www.rfc-editor.org/rfc/rfc9470.html) | no | nil | "c1 c2" |
+| client_signing_alg | If specified, verify that the JWT token is signed with the expected algorithm | no | nil | "RS256", "HS256" |
+| client_jwk_signing_key | JWK (JSON Web Key) used to verify the JWT token signature | no | nil | { "kty": "RSA", ... } |
+| client_x509_signing_key | X.509 certificate used to verify the JWT token signature | no | nil | "-----BEGIN CERTIFICATE-----\n..." |
+| hd | Host domain parameter, primarily for Google OpenID Connect, to restrict authentication to a specific G Suite domain | no | nil | "example.com" |
+| max_age | Maximum authentication age in seconds. If the elapsed time is greater than this value, the session is no longer valid | no | nil | 3600 |
+| ui_locales | End-user's preferred languages and scripts for the user interface | no | nil | "en-US fr-CA" |
+| id_token_hint | Previously issued ID Token passed as a hint about the user's previous authentication session | no | nil | "eyJhbGciOiJSUzI1NiJ9..." |
 ### Client Config Options