doc: improve OIDCProviderSignedJwksUri and OIDCProviderVerifyCertFiles

Signed-off-by: Hans Zandbelt <[email protected]>

Author: zandbelt

auth_openidc.conf

@@ -83,7 +83,7 @@
 # NB: for multi-OP setups:
 #     the 1st parameter is not used, it needs to be set anyhow (e.g. to "") if you wish to use the 2nd parameter
 #     the 2nd parameter is the default verification JWK for content pulled from the signed_jwks_uri for all providers and
-#     and its can be overridden with a per-provider key in the <issuer>.conf file using the key: signed_jwks_uri_key
+#     and its value can be overridden with a per-provider key in the <issuer>.conf file using the key: signed_jwks_uri_key
 #OIDCProviderSignedJwksUri <jwks_url> [ <jwks> | <jwk> ]
 
 # The fully qualified names of the files that contain the X.509 certificates with the RSA/EC public
@@ -92,7 +92,7 @@
 #  ["sig:"|"enc:"][<key-identifier>#]<path-to-cert>
 # and the key identifier part is required when the ID Token contains a "kid" in its header.
 # Specify the prefix "sig:" or "enc:" to indicate a key is specifically to be used for signing or encryption.
-# When not defined, ID Token validation key material has to be obtained through OIDCProviderJwksUri or OIDCProviderMetadataURL
+# When not defined, ID Token validation key material has to be obtained through OIDCProviderMetadataURL or OIDCProviderJwksUri/OIDCProviderSignedJwksUri.
 #OIDCProviderVerifyCertFiles (["sig:"|"enc:"][<kid>#]<filename>)+
 
 # OpenID Connect Provider Token Endpoint URL (e.g. https://localhost:9031/as/token.oauth2)