1 files changed, 20 insertions, 2 deletions

diff --git a/share/man/ENVOY.md b/share/man/ENVOY.md
index 4e57c52..cd84781 100644
--- a/share/man/ENVOY.md
+++ b/share/man/ENVOY.md
@@ -317,6 +317,14 @@ does not support the OIDC Discovery endpoint but an Envoy Gateway
 Envoy Gateway is a control plane that is outside the scope of this document.
 
 ```yaml
+static_resources:
+  listeners:
+    - filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                http_filters:
                   - name: envoy.filters.http.oauth2
                     typed_config:
                       "@type": type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2
@@ -328,6 +336,8 @@ Envoy Gateway is a control plane that is outside the scope of this document.
                         authorization_endpoint: "https://gitlab.com/oauth/authorize"
                         credentials:
                           client_id: "OAUTH_CLIENT_ID"
+                          cookie_names:
+                            id_token: id_token
                         redirect_path_matcher:
                           path:
                             exact: /callback
@@ -336,7 +346,6 @@ Envoy Gateway is a control plane that is outside the scope of this document.
                           path:
                             exact: /signout
                         token_endpoint:
-                          cluster: oidc
                           uri: "https://gitlab.com/oauth/token"
                         use_refresh_token: true
 ```
@@ -379,6 +388,16 @@ parse the value, validate it against the list of keys specified at the
 the valid JWT as well as the `x-jwt-claim-sub` with the body section of the JWT.
 
 ```yaml
+static_resources:
+  listeners:
+    - filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                http_filters:
+                  - name: envoy.filters.http.oauth2
+                    # ...
                   - name: envoy.filters.http.jwt_authn
                     typed_config:
                       "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
@@ -397,7 +416,6 @@ the valid JWT as well as the `x-jwt-claim-sub` with the body section of the JWT.
                           remote_jwks:
                             http_uri:
                               uri: https://gitlab.com/oauth/discovery/keys
-                              cluster: oidc
                       rules:
                         - match:
                             path: /