authorRonny Berndt <ronny@apache.org>2022-10-31 14:32:18 +0100
committerGitHub <noreply@github.com>2022-10-31 14:32:18 +0100
commitaeb754de0c057cb80774e06a002d356e2ecbc98c (patch)
tree312fba2f3f73b20a6bd8a6218f09080420021ea1
parent64ad2f0e175a709480be590098a018350a4641e9 (diff)
Backport missing `roles_claim_name` to 3.2.2-docs (#4250)
Add missing configuration option to the 3.2.2 docs.
-rw-r--r--src/docs/src/config/auth.rst28
1 files changed, 28 insertions, 0 deletions
diff --git a/src/docs/src/config/auth.rst b/src/docs/src/config/auth.rst
index 70ec276e5..a72eb701d 100644
--- a/src/docs/src/config/auth.rst
+++ b/src/docs/src/config/auth.rst
@@ -366,3 +366,31 @@ Authentication Configuration
[jwt_auth]
required_claims = exp,iat
+
+.. config:option:: roles_claim_name :: Optional CouchDB roles claim in JWT token
+
+ If presented, as a JSON array of strings, it is used as the CouchDB user's roles
+ list as long as the JWT token is valid. The default value for ``roles_claim_name``
+ is ``_couchdb.roles``.
+
+ .. note::
+ Values for ``roles_claim_name`` can only be top-level attributes in the JWT
+ token.
+
+ Let's assume, we have the following configuration:
+
+ .. code-block:: ini
+
+ [jwt_auth]
+ roles_claim_name = my-couchdb.roles
+
+ CouchDB will search for the attribute ``my-couchdb.roles`` in the JWT token.
+
+ .. code-block:: json
+
+ {
+ "my-couchdb.roles": [
+ "role_1",
+ "role_2"
+ ]
+ }