diff --git a/Documentation/connectors/ldap.md b/Documentation/connectors/ldap.md index 626cd650..4bd540b5 100644 --- a/Documentation/connectors/ldap.md +++ b/Documentation/connectors/ldap.md @@ -89,7 +89,7 @@ connectors: # server provides access for anonymous auth. # Please note that if the bind password contains a `$`, it has to be saved in an # environment variable which should be given as the value to `bindPW`. - bindDN: uid=seviceaccount,cn=users,dc=example,dc=com + bindDN: uid=serviceaccount,cn=users,dc=example,dc=com bindPW: password # The attribute to display in the provided password prompt. If unset, will diff --git a/Documentation/connectors/oidc.md b/Documentation/connectors/oidc.md index 55b7a96e..7db2926b 100644 --- a/Documentation/connectors/oidc.md +++ b/Documentation/connectors/oidc.md @@ -10,7 +10,7 @@ Prominent examples of OpenID Connect providers include Google Accounts, Salesfor This connector does not support the "groups" claim. Progress for this is tracked in [issue #1065][issue-1065]. -When using refresh tokens, changes to the upstream claims aren't propegated to the id_token returned by dex. If a user's email changes, the "email" claim returned by dex won't change unless the user logs in again. Progress for this is tracked in [issue #863][issue-863]. +When using refresh tokens, changes to the upstream claims aren't propagated to the id_token returned by dex. If a user's email changes, the "email" claim returned by dex won't change unless the user logs in again. Progress for this is tracked in [issue #863][issue-863]. ## Configuration @@ -36,7 +36,7 @@ connectors: # Some providers require passing client_secret via POST parameters instead # of basic auth, despite the OAuth2 RFC discouraging it. Many of these - # cases are caught internally, but some may need to uncommented the + # cases are caught internally, but some may need to uncomment the # following field. # # basicAuthUnsupported: true @@ -56,7 +56,7 @@ connectors: # - email # - groups - # Some providers return claims without "email_verified", when they had no usage of emails verification in enrollement process + # Some providers return claims without "email_verified", when they had no usage of emails verification in enrollment process # or if they are acting as a proxy for another IDP etc AWS Cognito with an upstream SAML IDP # This can be overridden with the below option # insecureSkipEmailVerified: true diff --git a/Documentation/proposals/upstream-refreshing.md b/Documentation/proposals/upstream-refreshing.md index 019bd9f8..414f0e29 100644 --- a/Documentation/proposals/upstream-refreshing.md +++ b/Documentation/proposals/upstream-refreshing.md @@ -11,7 +11,7 @@ in with GitHub. ## The problem -When dex is federaing to an upstream identity provider (IDP), we want to ensure +When dex is federating to an upstream identity provider (IDP), we want to ensure claims being passed onto clients remain fresh. This includes data such as Google accounts display names, LDAP group membership, account deactivations. Changes to these on an upstream IDP should always be reflected in the claims dex passes to