minor docs update + exception fix

Author: zvonand

docs/en/operations/external-authenticators/index.md

@@ -19,5 +19,4 @@ The following external authenticators and directories are supported:
 - Kerberos [Authenticator](/operations/external-authenticators/kerberos#kerberos-as-an-external-authenticator-for-existing-users)
 - [SSL X.509 authentication](/operations/external-authenticators/ssl-x509)
 - HTTP [Authenticator](./http.md)
-- JWT [Authenticator](./jwt.md)
-- Access Token [Authenticator](./tokens.md)
+- Token-based [Authenticator](./tokens.md)

docs/en/operations/external-authenticators/tokens.md

@@ -213,7 +213,9 @@ All this implies that the SQL-driven [Access Control and Account Management](/do
             <common_roles>
                 <token_test_role_1 />
             </common_roles>
-            <roles_filter></roles_filter>
+            <roles_filter>
+                \bclickhouse-[a-zA-Z0-9]+\b
+            </roles_filter>
         </token>
     </user_directories>
 </clickhouse>

src/Access/ExternalAuthenticators.cpp

@@ -649,7 +649,7 @@ bool ExternalAuthenticators::checkTokenCredentials(const TokenCredentials & cred
     std::lock_guard lock{mutex};
 
     if (token_processors.empty())
-        throw Exception(ErrorCodes::BAD_ARGUMENTS, "Access token authentication is not configured");
+        throw Exception(ErrorCodes::BAD_ARGUMENTS, "Token authentication is not configured");
 
     /// lookup token in local cache if not expired.
     auto cached_entry_iter = access_token_to_username_cache.find(credentials.getToken());