From 6f974a9bef16d254f36679a0cce9f980568cbdc1 Mon Sep 17 00:00:00 2001 From: David Wobrock Date: Fri, 9 Aug 2024 16:29:32 +0200 Subject: [PATCH] chore: add oathkeeper authn oauth2 introspection max_cost configuration --- docs/oathkeeper/pipeline/authn.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/oathkeeper/pipeline/authn.md b/docs/oathkeeper/pipeline/authn.md index 54d39aba7..36c8429e4 100644 --- a/docs/oathkeeper/pipeline/authn.md +++ b/docs/oathkeeper/pipeline/authn.md @@ -478,7 +478,7 @@ This authenticator will use the username from the HTTP Basic Authorization heade false. - `ttl` (string) - Can override the default behavior of using the token exp time, and specify a set time to live for the token in the cache. If the token exp time is lower than the set value the token exp time will be used instead. - - `max_tokens` (int) - Max number of tokens to cache. + - `max_tokens` (int) - Max number of tokens to cache. Defaults to 1000. - `required_scope` ([]string, optional) - Sets what scope is required by the URL and when making performing OAuth 2.0 Client Credentials request, the scope will be included in the request: @@ -606,6 +606,7 @@ Token Introspection to check if the token is valid and if the token was granted false. - `ttl` (string) - Can override the default behavior of using the token exp time, and specify a set time to live for the token in the cache. + - `max_cost` (int) - Max cost to cache. Defaults to 100000000. Please note that caching won't be used if the scope strategy is `none` and `required_scope` isn't empty. In that case, the configured introspection URL will always be called and is expected to check if the scope is valid or not.
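Review bot: The `max_tokens` change in the first hunk (`@@ -478,7 +478,7 @@`) is not covered by the subject line, which names only the OAuth2 introspection `max_cost` option. Either mention the `max_tokens` default in the commit message or move it to its own commit. Please also confirm that 1000 matches the default in the code, since nothing in this patch shows where the value comes from.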
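Review bot: The added `max_cost` line in the second hunk (`@@ -606,6 +606,7 @@`) says "Max cost to cache" without defining what one unit of cost is, so a reader cannot tell whether 100000000 bounds entries, bytes or something else. By contrast, `max_tokens` in the first hunk is documented as a token count. Suggest stating the unit and what happens to cached introspection results once the limit is reached, so operators can size the cache deliberately. The new line is also indented one space deeper than the `ttl` item above it; check whether it is meant to be a sibling of `ttl` in the rendered list.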