docs: add static_resources section to yaml example

author: mo khan <mo@mokhan.ca> 2025-05-26 13:58:23 -0600
committer: mo khan <mo@mokhan.ca> 2025-05-26 13:58:23 -0600
commit: 43928ae40537c3b0b57ff509c26a2cab87d20fae (patch)
tree: c33f0a04fa492d897492609ec9056d729742faa4 /share
parent: a0cff5d8fe103b34fcf26e943616d9546444aa96 (diff)
1 files changed, 20 insertions, 2 deletions
diff --git a/share/man/ENVOY.md b/share/man/ENVOY.md
index 4e57c52..cd84781 100644
--- a/share/man/ENVOY.md
+++ b/share/man/ENVOY.md
@@ -317,6 +317,14 @@ does not support the OIDC Discovery endpoint but an Envoy Gateway
 Envoy Gateway is a control plane that is outside the scope of this document.
 
 ```yaml
+static_resources:
+  listeners:
+    - filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                http_filters:
                   - name: envoy.filters.http.oauth2
                     typed_config:
                       "@type": type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2
@@ -328,6 +336,8 @@ Envoy Gateway is a control plane that is outside the scope of this document.
                         authorization_endpoint: "https://gitlab.com/oauth/authorize"
                         credentials:
                           client_id: "OAUTH_CLIENT_ID"
+                          cookie_names:
+                            id_token: id_token
                         redirect_path_matcher:
                           path:
                             exact: /callback
@@ -336,7 +346,6 @@ Envoy Gateway is a control plane that is outside the scope of this document.
                           path:
                             exact: /signout
                         token_endpoint:
-                          cluster: oidc
                           uri: "https://gitlab.com/oauth/token"
                         use_refresh_token: true
 ```
@@ -379,6 +388,16 @@ parse the value, validate it against the list of keys specified at the
 the valid JWT as well as the `x-jwt-claim-sub` with the body section of the JWT.
 
 ```yaml
+static_resources:
+  listeners:
+    - filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                http_filters:
+                  - name: envoy.filters.http.oauth2
+                    # ...
                   - name: envoy.filters.http.jwt_authn
                     typed_config:
                       "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
@@ -397,7 +416,6 @@ the valid JWT as well as the `x-jwt-claim-sub` with the body section of the JWT.
                           remote_jwks:
                             http_uri:
                               uri: https://gitlab.com/oauth/discovery/keys
-                              cluster: oidc
                       rules:
                         - match:
                             path: /
author	mo khan <mo@mokhan.ca>	2025-05-26 13:58:23 -0600
committer	mo khan <mo@mokhan.ca>	2025-05-26 13:58:23 -0600
commit	43928ae40537c3b0b57ff509c26a2cab87d20fae (patch)
tree	c33f0a04fa492d897492609ec9056d729742faa4 /share
parent	a0cff5d8fe103b34fcf26e943616d9546444aa96 (diff)