README.md: provide a more complete OAuth2Require example; thanks @pladen

zandbelt · zandbelt · commit 872b96e64f17 · 2024-06-21T18:26:20.000+02:00
see: 76102f0#commitcomment-143397829 Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
diff --git a/README.md b/README.md
@@ -24,8 +24,13 @@ OAuth2TokenVerify [ introspect | jwk_uri | metadata | jwk | plain | base64 | bas
         "~*^Bearer\s+(?<token>[\S]+)$" $token;
     }
 
-    map $pfc_introspect_sub $valid_sub_joe {
-    	"joe"  1;
+    map $pfc_introspect_sub $valid_sub {
+        "joe"        1;
+        "alice"     1;
+        "bob"      1;
+        "~admin_.+"      1;  #allow
+        "~student_.+"    0;  # deny
+        default    0; # default to deny
     }
 
     server {
@@ -45,7 +50,7 @@ OAuth2TokenVerify [ introspect | jwk_uri | metadata | jwk | plain | base64 | bas
             OAuth2Claim username $pfc_introspect_username;
             OAuth2Claim active $pfc_introspect_active;
 
-        	OAuth2Require $valid_sub_joe;            
+        	OAuth2Require $valid_sub;            
 
             proxy_set_header OAUTH2_CLAIM_sub $pfc_introspect_sub;
             proxy_set_header OAUTH2_CLAIM_username $pfc_introspect_username;
