From aee8933ca008ac0e8d4423fbb3f8c524e1f31872 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Tue, 9 Mar 2021 08:47:34 +0200 Subject: [PATCH 1/4] Add doc reference for client_auth_method Support for additional Client authentication methods was added in the OIDC realm in #58708. This change adds the `rp.client_auth_method` in the realm settings reference doc. --- docs/reference/settings/security-settings.asciidoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc index f296221115a1f..eea73a84642d7 100644 --- a/docs/reference/settings/security-settings.asciidoc +++ b/docs/reference/settings/security-settings.asciidoc @@ -1633,6 +1633,14 @@ at the OpenID Connect Provider. The OAuth 2.0 Client Secret that was assigned to {es} during registration at the OpenID Connect Provider. +// tag::rp-client-auth-method-tag[] +`rp.client_auth_method` {ess-icon}:: +(<>) +The Client authentication method used by elasticsearch as a client to authenticate +to the OpenID Connect Provider. Can be `client_secret_basic`, `client_secret_post`, +or `client_secret_jwt`. Defaults to `client_secret_basic`. +// end::rp-client-auth-method-tag[] + // tag::rp-redirect-uri-tag[] `rp.redirect_uri` {ess-icon}:: (<>) From 50e40e5071f2d2c79e40227e2dfe5259cc081f70 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Tue, 9 Mar 2021 09:19:10 +0200 Subject: [PATCH 2/4] add signature setting --- docs/reference/settings/security-settings.asciidoc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc index eea73a84642d7..b2fa0861dfa18 100644 --- a/docs/reference/settings/security-settings.asciidoc +++ b/docs/reference/settings/security-settings.asciidoc 
@@ -1641,6 +1641,15 @@ to the OpenID Connect Provider. Can be `client_secret_basic`, `client_secret_pos or `client_secret_jwt`. Defaults to `client_secret_basic`. // end::rp-client-auth-method-tag[] +// tag::rp-client-auth-jwt-signature-algorithm[] +`rp.client_auth_signature_algorithm` {ess-icon}:: +(<>) +The signature algorithm tat {es} uses to sign the JWT with which it authenticates +as a Client to the OpenID Connect Provider when `client_secret_jwt` is selected for +`rp.client_auth_method`. Can be either `HS256`, `HS384`, or `HS512`. Defaults to +`HS384`. +// end::rp-client-auth-jwt-signature-algorithm[] + // tag::rp-redirect-uri-tag[] `rp.redirect_uri` {ess-icon}:: (<>) From ea64c300f60bd6ea8ece9fdbb5248034c00f0b74 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Tue, 9 Mar 2021 09:57:38 +0200 Subject: [PATCH 3/4] Update docs/reference/settings/security-settings.asciidoc typo Co-authored-by: Yang Wang --- docs/reference/settings/security-settings.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc index b2fa0861dfa18..8e628a7b5a137 100644 --- a/docs/reference/settings/security-settings.asciidoc +++ b/docs/reference/settings/security-settings.asciidoc @@ -1644,7 +1644,7 @@ or `client_secret_jwt`. Defaults to `client_secret_basic`. // tag::rp-client-auth-jwt-signature-algorithm[] `rp.client_auth_signature_algorithm` {ess-icon}:: (<>) -The signature algorithm tat {es} uses to sign the JWT with which it authenticates +The signature algorithm that {es} uses to sign the JWT with which it authenticates as a Client to the OpenID Connect Provider when `client_secret_jwt` is selected for `rp.client_auth_method`. Can be either `HS256`, `HS384`, or `HS512`. Defaults to `HS384`. From ce552b61371d103660811479210eff9eeae1b15f Mon Sep 17 00:00:00 2001 
From: Ioannis Kakavas Date: Wed, 10 Mar 2021 12:00:51 +0200 Subject: [PATCH 4/4] address feedback --- docs/reference/settings/security-settings.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc index 8e628a7b5a137..b583ef81631fc 100644 --- a/docs/reference/settings/security-settings.asciidoc +++ b/docs/reference/settings/security-settings.asciidoc @@ -1636,7 +1636,7 @@ at the OpenID Connect Provider. // tag::rp-client-auth-method-tag[] `rp.client_auth_method` {ess-icon}:: (<>) -The Client authentication method used by elasticsearch as a client to authenticate +The client authentication method used by {es} to authenticate to the OpenID Connect Provider. Can be `client_secret_basic`, `client_secret_post`, or `client_secret_jwt`. Defaults to `client_secret_basic`. // end::rp-client-auth-method-tag[] @@ -1645,7 +1645,7 @@ or `client_secret_jwt`. Defaults to `client_secret_basic`. `rp.client_auth_signature_algorithm` {ess-icon}:: (<>) The signature algorithm that {es} uses to sign the JWT with which it authenticates -as a Client to the OpenID Connect Provider when `client_secret_jwt` is selected for +as a client to the OpenID Connect Provider when `client_secret_jwt` is selected for `rp.client_auth_method`. Can be either `HS256`, `HS384`, or `HS512`. Defaults to `HS384`. // end::rp-client-auth-jwt-signature-algorithm[]
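Review bot: In PATCH 1/4, the new `rp.client_auth_method` entry lists `client_secret_basic`, `client_secret_post` and `client_secret_jwt` without saying how they differ, so a reader has nothing to base the choice on. Suggest one clause per value (secret sent in the HTTP Basic Authorization header, secret sent in the token request body, secret used as the HMAC key of a signed JWT assertion) or a link to the Client Authentication section of OpenID Connect Core. It would also help to state that the value must be a method the OpenID Connect Provider accepts for this client, since the entry sits directly under the `rp.client_secret` description that all three methods depend on.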
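Review bot: In PATCH 2/4, the tag pair `rp-client-auth-jwt-signature-algorithm` does not follow the naming of its neighbours in the same hunk: `rp-client-auth-method-tag` and `rp-redirect-uri-tag` both end in `-tag`, and this one also inserts `jwt`, which is not part of the setting name `rp.client_auth_signature_algorithm`. Suggest `// tag::rp-client-auth-signature-algorithm-tag[]` with the matching `// end::` line, so the tag can be derived from the setting name like the others. The name is still unchanged in the context lines of PATCH 3/4 and PATCH 4/4, so it would need its own follow-up.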