📚 Sync docs from alaudadevops/connectors-operator on dfe55c2a5de413ef5aec931197b06af3426004a1

Source: add docs to explain how to pass auth info when using proxy (#273)
Author: chengjingtao
Ref: refs/heads/main
Commit: dfe55c2a5de413ef5aec931197b06af3426004a1

This commit automatically syncs documentation changes from the source-docs repository.

🔗 View source commit: https://github.com/alaudadevops/connectors-operator/commit/dfe55c2a5de413ef5aec931197b06af3426004a1
🤖 Synced on 2025-10-24 10:20:31 UTC

Author: edge-katanomi-app2[bot]

.github/SYNC_INFO.md

@@ -1,10 +1,10 @@
 # Documentation Sync Information
 
-- **Last synced**: 2025-10-23 05:52:38 UTC
+- **Last synced**: 2025-10-24 10:20:31 UTC
 - **Source repository**: alaudadevops/connectors-operator
-- **Source commit**: [0b818cebe6bfd989edaf3ead7b883cd138bc666b](https://github.com/alaudadevops/connectors-operator/commit/0b818cebe6bfd989edaf3ead7b883cd138bc666b)
+- **Source commit**: [dfe55c2a5de413ef5aec931197b06af3426004a1](https://github.com/alaudadevops/connectors-operator/commit/dfe55c2a5de413ef5aec931197b06af3426004a1)
 - **Triggered by**: edge-katanomi-app2[bot]
-- **Workflow run**: [#43](https://github.com/alaudadevops/connectors-operator/actions/runs/18738918779)
+- **Workflow run**: [#44](https://github.com/alaudadevops/connectors-operator/actions/runs/18776845356)
 
 ## Files synced:
 - docs/

docs/en/connectors/concepts/connectors_proxy.mdx

@@ -124,34 +124,91 @@ Custom proxies can point to any address capable of handling proxy requests.
 
 ### Connectors Proxy Authentication
 
-Clients must provide authentication when using Connectors Proxy. Authentication uses ServiceAccount tokens, and the ServiceAccount must have read permissions for the target Connector.
+When using Connectors Proxy, clients must provide proper authentication credentials to access the proxy. The authentication process requires two key elements:
 
-**Built-in Forward Proxy Authentication**
+1. **Connector Identification**: Specify which connector to use for credential injection
+2. **Authorization Token**: Provide a ServiceAccount token with read permissions for the target Connector
 
-Authentication credentials are passed via `Proxy-Authorization` header:
+The proxy server validates the provided ServiceAccount token to ensure it has the necessary permissions for the specified Connector before processing requests and injects the authentication credentials into the request when valid.
+
+For detailed information about ServiceAccount tokens and RBAC configuration, see the [Kubernetes Authentication documentation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#service-account-tokens).
+
+#### Built-in Forward Proxy Authentication
+
+For forward proxy mode, authentication information is passed through the `Proxy-Authorization` header using HTTP Proxy Basic Authentication.
 
 - **Username**: `<connector-namespace>/<connector-name>`
 - **Password**: ServiceAccount token with read permissions for the Connector
 
-**Example**: For a `github` Connector in the `default` namespace:
+Proxy-Authorization Header:
+
+```bash
+# credentials format: <connector-namespace>/<connector-name>:<service-account-token>
+# example: default/github:sa-token-xxxxxxx
+Proxy-Authorization: Basic <base64-encoded-credentials>
+```
+
+HTTP Proxy Environment Example:
+
+You can configure proxy authentication using standard HTTP proxy environment variables:
 
 ```bash
-export http_proxy=http://default%2Fgithub:[email protected]
+export http_proxy=http://<connector-namespace>%2F<connector-name>:<service-account-token>@<connector-proxy-address>
+export https_proxy=http://<connector-namespace>%2F<connector-name>:<service-account-token>@<connector-proxy-address>
 ```
 
-Requests through this proxy automatically inject the `default/github` connector's authentication credentials when accessing GitHub services.
+> **Note**: The `%2F` is the URL-encoded form of `/` in the connector namespace/name format.
+
+#### Built-in Reverse Proxy Authentication
 
-**Built-in Reverse Proxy Authentication**
+For reverse proxy mode, clients connect directly to the connector's proxy address. The authentication token can be provided using either Basic Auth or Bearer Token methods, while connector identification is handled through the connector proxy address.
 
-Authentication credentials are passed via Basic Auth:
+##### Basic Authentication
 
-- **Username**: Any value
+- **Username**: Any value (ignored)
 - **Password**: ServiceAccount token with read permissions for the Connector
 
-**Example**: For a `github` Connector in the `default` namespace:
+Example:
 
 ```bash
-curl -u any:sa-token-xxxxxxx "http://c-github.default.svc.cluster.local/xxx"
+curl -u "user:sa-token-xxxxxxx" "http://c-github.default.svc.cluster.local/"
 ```
 
-The proxy automatically injects the `default/github` connector's authentication credentials when forwarding requests to GitHub services.
+##### Bearer Token Authentication
+
+- **Authorization Header**: `Bearer <service-account-token>`
+
+Example:
+
+```bash
+curl -H "Authorization: Bearer sa-token-xxxxxxx" "http://c-github.default.svc.cluster.local/"
+```
+
+##### Connector Identification
+
+The connector can be identified through different proxy address formats:
+
+- **Service Format**: e.g. `http://c-<connector-name>.<namespace>.svc.cluster.local`
+- **Path Format**: `http://<proxy-address>/namespaces/<connector-namespace>/connectors/<connector-name>`
+
+The connector proxy address is automatically generated by the system and is unique for each connector. You **must** retrieve the connector proxy address from the `status.proxy.httpAddress` field of the connector resource before using it.
+
+Example:
+
+For a `github` connector in the `default` namespace:
+
+```bash
+# Using Bearer Token and service address format
+curl -H "Authorization: Bearer sa-token-xxxxxxx" \
+     "http://c-github.default.svc.cluster.local/"
+
+# Using Basic Auth and path address format
+curl -u ":sa-token-xxxxxxx" \
+     "http://connector-proxy.example.com/namespaces/default/connectors/github"
+```
+
+The proxy will validate the authentication token and automatically inject the `default/github` connector's authentication credentials when forwarding requests to GitHub services.
+
+## References
+
+- [Kubernetes Authentication documentation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#service-account-tokens)