From 77e42d60cb314e3113058c34d5c29df466719fb8 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Fri, 12 Nov 2021 22:48:01 +0100
Subject: [PATCH] website/docs: use new headers in docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 website/docs/providers/proxy/forward_auth.mdx | 39 +++++++++++--------
 website/docs/providers/proxy/proxy.md         | 10 ++---
 2 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/website/docs/providers/proxy/forward_auth.mdx b/website/docs/providers/proxy/forward_auth.mdx
index b0ae3ac23..6505d9789 100644
--- a/website/docs/providers/proxy/forward_auth.mdx
+++ b/website/docs/providers/proxy/forward_auth.mdx
@@ -77,10 +77,17 @@ server {
         # error_page          401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
 
         # translate headers from the outposts back to the actual upstream
-        auth_request_set    $username    $upstream_http_x_auth_username;
-        auth_request_set    $email       $upstream_http_X_Forwarded_Email;
-        proxy_set_header    X-Auth-Username   $username;
-        proxy_set_header    X-Forwarded-Email $email;
+        auth_request_set $authentik_username $upstream_http_x_authentik_username;
+        auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
+        auth_request_set $authentik_email $upstream_http_x_authentik_email;
+        auth_request_set $authentik_name $upstream_http_x_authentik_name;
+        auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
+
+        proxy_set_header X-authentik-username $authentik_username;
+        proxy_set_header X-authentik-groups $authentik_groups;
+        proxy_set_header X-authentik-email $authentik_email;
+        proxy_set_header X-authentik-name $authentik_name;
+        proxy_set_header X-authentik-uid $authentik_uid;
     }
 
     # all requests to /akprox must be accessible without authentication
@@ -132,7 +139,7 @@ metadata:
   annotations:
     nginx.ingress.kubernetes.io/auth-url: https://*external host that you configured in authentik*/akprox/auth?nginx
     nginx.ingress.kubernetes.io/auth-signin: https://*external host that you configured in authentik*/akprox/start?rd=$escaped_request_uri
-    nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User,X-Auth-Groups
+    nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
     nginx.ingress.kubernetes.io/auth-snippet: |
        proxy_set_header X-Forwarded-Host $http_host;
 ```
@@ -159,11 +166,11 @@ http:
         trustForwardHeader: true
         authResponseHeaders:
           - Set-Cookie
-          - X-Auth-Username
-          - X-Auth-Groups
-          - X-Forwarded-Email
-          - X-Forwarded-Preferred-Username
-          - X-Forwarded-User
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
   routers:
     default-router:
       rule: "Host(`*external host that you configured in authentik*`)"
@@ -230,7 +237,7 @@ services:
       traefik.http.routers.authentik.tls: true
       traefik.http.middlewares.authentik.forwardauth.address: http://authentik_proxy:9000/akprox/auth/traefik
       traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
-      traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-Auth-Username,X-Auth-Groups,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User
+      traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
     restart: unless-stopped
 
   whoami:
@@ -259,11 +266,11 @@ spec:
     trustForwardHeader: true
     authResponseHeaders:
       - Set-Cookie
-      - X-Auth-Username
-      - X-Auth-Groups
-      - X-Forwarded-Email
-      - X-Forwarded-Preferred-Username
-      - X-Forwarded-User
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
 ```
 
 Add the following settings to your IngressRoute
diff --git a/website/docs/providers/proxy/proxy.md b/website/docs/providers/proxy/proxy.md
index 725cfe077..dfaeb883f 100644
--- a/website/docs/providers/proxy/proxy.md
+++ b/website/docs/providers/proxy/proxy.md
@@ -5,11 +5,11 @@ title: Overview
 The proxy outpost sets the following headers:
 
 ```
-X-Auth-Username: akadmin # The username of the currently logged in user
-X-Auth-Groups: foo|bar|baz # The groups the user is member of, separated by a pipe
-X-Forwarded-Email: root@localhost # The email address of the currently logged in user
-X-Forwarded-Preferred-Username: akadmin  # The username of the currently logged in user
-X-Forwarded-User: 900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb # The hashed identifier of the currently logged in user.
+X-authentik-username: akadmin # The username of the currently logged in user
+X-authentik-groups: foo|bar|baz # The groups the user is member of, separated by a pipe
+X-authentik-email: root@localhost # The email address of the currently logged in user
+X-authentik-name: authentik Default Admin # Full name of the current user
+X-authentik-uid: 900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb # The hashed identifier of the currently logged in user.
 ```
 
 Additionally, you can set `additionalHeaders` on groups or users to set additional headers.