From 0ec91dd4ffc6c8ef27321f270f3d9c63a0547ecf Mon Sep 17 00:00:00 2001
From: Eryk Kullikowski
Date: Sun, 13 Oct 2024 15:57:11 +0200
Subject: [PATCH] updated configuration
---
 .../PR-10905-OIDC-new-implementation.md | 5 +++++
 .../installation/files/root/auth-providers/oidc.json | 2 +-
 doc/sphinx-guides/source/installation/oidc.rst | 12 ++++++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/doc/release-notes/PR-10905-OIDC-new-implementation.md b/doc/release-notes/PR-10905-OIDC-new-implementation.md
index 09147b8302b..437f2fa55b1 100644
--- a/doc/release-notes/PR-10905-OIDC-new-implementation.md
+++ b/doc/release-notes/PR-10905-OIDC-new-implementation.md
@@ -13,6 +13,11 @@ The following settings become deprecated with this change and can be removed fro
 - `dataverse.auth.oidc.pkce.max-cache-size`
 - `dataverse.auth.oidc.pkce.max-cache-age`
+The following settings new:
+- `dataverse.auth.oidc.issuer-identifier`
+- `dataverse.auth.oidc.issuer-identifier-field`
+- `dataverse.auth.oidc.subject-identifier-field`
+
 Also, the bearer token authentication is now always enabled. Therefore, the `dataverse.feature.api-bearer-auth` feature flag is no longer used and can be removed from the configuration as well. The new implementation relies now on the builtin OIDC support in our application server (Payara). With this change the Nimbus SDK is no longer used and is removed from the dependencies.
diff --git a/doc/sphinx-guides/source/_static/installation/files/root/auth-providers/oidc.json b/doc/sphinx-guides/source/_static/installation/files/root/auth-providers/oidc.json
index c950963d776..e081a0fc454 100644
--- a/doc/sphinx-guides/source/_static/installation/files/root/auth-providers/oidc.json
+++ b/doc/sphinx-guides/source/_static/installation/files/root/auth-providers/oidc.json
@@ -3,6 +3,6 @@
 "factoryAlias":"oidc",
 "title":"",
 "subtitle":"",
- "factoryData":"type: oidc | issuer: | clientId: | clientSecret: ",
+ "factoryData":"type: oidc | issuer: | clientId: | clientSecret: | issuerId: | issuerIdField: | subjectIdField: ",
 "enabled":true
 }
\ No newline at end of file
diff --git a/doc/sphinx-guides/source/installation/oidc.rst b/doc/sphinx-guides/source/installation/oidc.rst
index 6fabdbe339c..7a195a42ba8 100644
--- a/doc/sphinx-guides/source/installation/oidc.rst
+++ b/doc/sphinx-guides/source/installation/oidc.rst
@@ -148,6 +148,18 @@ The following options are available:
 - A subtitle, currently not displayed by the UI.
 - N
 - ``OpenID Connect``
+ * - ``dataverse.auth.oidc.issuer-identifier``
+ - Issuer identifier value as found in the JWT token claims under ``dataverse.auth.oidc.issuer-identifier-field``.
+ - N
+ - ``value from dataverse.auth.oidc.auth-server-url``
+ * - ``dataverse.auth.oidc.issuer-identifier-field``
+ - Issuer identifier field name in the JWT token claims.
+ - N
+ - ``iss``
+ * - ``dataverse.auth.oidc.subject-identifier-field``
+ - Subject identifier field name in the JWT token claims.
+ - N
+ - ``sub``
 .. _oidc-log-in:
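Review bot: The new `factoryData` line in oidc.json puts `issuerIdField` and `subjectIdField` into the copy-paste template next to the required keys, but neither the template nor the oidc.rst rows added in this patch says what a safe value is. OpenID Connect Core only guarantees that the `iss` + `sub` pair is unique and stable for an end-user, so an operator who points `subjectIdField` at a claim such as an e-mail address or username can end up binding two different people, or a reassigned address, to the same account. Because the documented defaults are already `iss` and `sub`, I would keep the three optional keys out of the template and add a sentence to the `dataverse.auth.oidc.subject-identifier-field` row, e.g. `Must name a claim that is unique and never reassigned within the issuer; leave unset unless the provider cannot supply sub.` A matching sentence on the `issuer-identifier` row should say the value is compared against the token and ought to be the provider's exact issuer string.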