From 5015656368aefbf1b5f227a8b2874dcfdff4a5f5 Mon Sep 17 00:00:00 2001
From: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
Date: Mon, 6 Jan 2025 14:54:01 -0600
Subject: [PATCH] docs(jans-cedarling): update docs
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
---
 docs/cedarling/cedarling-authz.md | 37 ++++++++++++------------
 docs/cedarling/cedarling-policy-store.md | 8 +++--
 docs/cedarling/python/sidecar.md | 14 +++++----
 3 files changed, 31 insertions(+), 28 deletions(-)
diff --git a/docs/cedarling/cedarling-authz.md b/docs/cedarling/cedarling-authz.md
index 0f5f03fe0f3..03fec2f3145 100644
--- a/docs/cedarling/cedarling-authz.md
+++ b/docs/cedarling/cedarling-authz.md
@@ -56,25 +56,24 @@ this is a sample request from a hypothetical application:
 ```js
 input = {
- "tokens": {
- "access_token": "eyJhbGc....",
- "id_token": "eyJjbGc...",
- "userinfo_token": "eyJjbGc...",
- },
- "action": "View",
- "resource": {
- "id": "ticket-10101",
- "type" : "Ticket",
- "owner": "bob@acme.com",
- "org_id": "Acme"
- },
- "context": {
- "ip_address": "54.9.21.201",
- "network_type": "VPN",
- "user_agent": "Chrome 125.0.6422.77 (Official Build) (arm64)",
- "time": "1719266610.98636",
- }
- }
+ "access_token": "eyJhbGc....",
+ "id_token": "eyJjbGc...",
+ "userinfo_token": "eyJjbGc...",
+ "tx_token": "eyJjbGc...",
+ "action": "View",
+ "resource": {
+ "id": "ticket-10101",
+ "type" : "Ticket",
+ "owner": "bob@acme.com",
+ "org_id": "Acme"
+ },
+ "context": {
+ "ip_address": "54.9.21.201",
+ "network_type": "VPN",
+ "user_agent": "Chrome 125.0.6422.77 (Official Build) (arm64)",
+ "time": "1719266610.98636",
+ }
+ }
 decision_result = authz(input)
 ```
diff --git a/docs/cedarling/cedarling-policy-store.md b/docs/cedarling/cedarling-policy-store.md
index 55bdf64de8c..504f9cf69ca 100644
--- a/docs/cedarling/cedarling-policy-store.md
+++ b/docs/cedarling/cedarling-policy-store.md
@@ -178,7 +178,11 @@ This record contains the information needed to validate tokens from this issuer:
 - **description** : (*String*) A brief description of the trusted issuer, providing context for administrators.
 - **openid_configuration_endpoint** : (*String*) The HTTPS URL for the OpenID Connect configuration endpoint (usually found at `/.well-known/openid-configuration`).
 - **identity_source** : (*Object*, *optional*) Metadata related to the tokens issued by this issuer.
-- **`access_tokens`, `id_tokens`, `userinfo_tokens`, and `tx_tokens`**: See: [Token Metadata Schema](#token-metadata-schema).
+
+**Notes**:
+
+- The `access_tokens`, `id_tokens`, `userinfo_tokens`, and `tx_tokens` fields will follow the [Token Metadata Schema](#token-metadata-schema).
+- The `access_tokens` will contain a `trusted` and `principal_identifier` field in addition to the fields from the `Token Metadata Schema`.
 ### Token Metadata Schema
@@ -186,8 +190,6 @@ The Token Entity Metadata Schema defines how tokens are mapped, parsed, and tran
 ```json
 {
- "trusted": bool,
- "principal_identifier": "str",
 "user_id": "",
 "role_mapping": "",
 "claim_mapping": {
diff --git a/docs/cedarling/python/sidecar.md b/docs/cedarling/python/sidecar.md
index 9febea1c8a4..0ba9f5f9289 100644
--- a/docs/cedarling/python/sidecar.md
+++ b/docs/cedarling/python/sidecar.md
@@ -14,7 +14,7 @@ The sidecar is a containerized Flask project that uses the `cedarling_python` bi
 - Ensure that you have installed [docker](https://docs.docker.com/engine/install/) and [docker compose](https://docs.docker.com/compose/install/).
 - Clone the [Janssen](https://github.com/JanssenProject/jans) repository
 - Navigate to `jans/jans-cedarling/flask-sidecar`
-- Edit the provided `secrets/bootstrap.json` file to your specifications. The configuration keys are described [here](https://github.com/JanssenProject/jans/blob/ffe9f493e4a5c6b05f2adeeb8a6eba7eb83b103e/jans-cedarling/bindings/cedarling_python/cedarling_python.pyi#L9).
+- Edit the provided `secrets/bootstrap.json` file to your specifications. The configuration keys are described [here](https://github.com/JanssenProject/jans/blob/main/jans-cedarling/bindings/cedarling_python/cedarling_python.pyi#L10).
 - Run `docker compose up`
 - For cloud deployments, please use the provided Dockerfile and pass your bootstrap configuration via the environment variable `CEDARLING_BOOTSTRAP_CONFIG_FILE`.
 - The sidecar runs on port 5000. OpenAPI documentation is available at `http://0.0.0.0:5000/swagger-ui`
@@ -28,8 +28,13 @@ Example request to the evaluation endpoint:
 ```
 {
 "subject": {
- "type": "string",
- "id": "string"
+ "type": "JWT",
+ "id": "cedarling",
+ "properties": {
+ "access_token": "",
+ "id_token": "",
+ "userinfo_token": ""
+ }
 },
 "resource": {
 "type": "Jans::Application",
@@ -48,9 +53,6 @@ Example request to the evaluation endpoint:
 "name": "Jans::Action::\"Read\""
 },
 "context": {
- "access_token": "...",
- "id_token": "...",
- "userinfo_token": "...",
 "device_health": [
 "Healthy"
 ],