Update OpenID Connect documentation

List the supported values for client_auth_method

Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md
index 454da8c2866..9f5814001e7 100644
--- a/doc/administration/auth/oidc.md
+++ b/doc/administration/auth/oidc.md
@@ -81,6 +81,13 @@ The OpenID Connect will provide you with a client details and secret for you to
     - `<your_oidc_url>` (optional) is the URL that points to the OpenID Connect provider. For example, `https://example.com/auth/realms/your-realm`.
       If this value is not provided, the URL is constructed from the `client_options` in the following format: `<client_options.scheme>://<client_options.host>:<client_options.port>`.
     - If `discovery` is set to `true`, the OpenID Connect provider will try to auto discover the client options using `<your_oidc_url>/.well-known/openid-configuration`. Defaults to `false`.
+    - `client_auth_method` (optional) specifies the method used for authenticating the client with the OpenID Connect provider.
+      - Supported values are:
+        - `basic` - HTTP Basic Authentication
+        - `jwt_bearer` - JWT based authentication (private key and client secret signing)
+        - `mtls` - Mutual TLS or X.509 certificate validation
+        - Any other value will POST the client id and secret in the request body
+      - If not specified, defaults to `basic`.
     - `<uid_field>` (optional) is the field name from the `user_info` details that will be used as `uid` value. For example, `preferred_username`.
       If this value is not provided or the field with the configured value is missing from the `user_info` details, the `uid` will use the `sub` field.
     - `client_options` are the OpenID Connect client-specific options. Specifically: