docs: fix example config files

mmalenic · mmalenic · commit 09e83dec5aa3 · 2025-09-24T16:48:34.000+10:00
diff --git a/htsget-config/README.md b/htsget-config/README.md
@@ -401,14 +401,14 @@ The htsget-rs ticket and data servers can be configured to validate and authenti
 
 The following options can be configured under the `auth` table to enable this:
 
-| Option                       | Description                                                                                                                                                                                                                                                                                                                          | Type             | Default                                                                                                |
-|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|--------------------------------------------------------------------------------------------------------|
-| `jwks_url`                   | The JSON web key sets url to fetch key sets validating the JWT token.                                                                                                                                                                                                                                                                | URL              | Not set, either this option or `decode_public_key` must be set to validate JWTs.                       | 
-| `public_key`                 | The path to PEM formatted public key used to decode the JWT token.                                                                                                                                                                                                                                                                   | Filesystem path  | Not set, either this option `jwks_url` must be set to validate JWTs.                                   |
-| `validate_audience`          | Validate that the JWT token has the specified audience field.                                                                                                                                                                                                                                                                        | Array of strings | Optional. Does not validate the audience by default.                                                   |
-| `validate_issuer`            | Validate that the JWT token has the specified issuer field.                                                                                                                                                                                                                                                                          | Array of strings | Optional. Does not validate the issuer by default.                                                     |
-| `validate_subject`           | Validate that the JWT token has the specified subject field.                                                                                                                                                                                                                                                                         | Strings          | Optional. Does not validate the subject by default.                                                    |
-| `tls`                        | Enables client authentication, or sets non-native root certificates for TLS when making requests. See [server configuration](#server-configuration) for more details.                                                                                                                                                                | TOML table       | Optional. Performs no client authentication and uses native root certificates for TLS client requests. |
+| Option                  | Description                                                                                                                                                                                      | Type             | Default                                                                                                           |
+|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|-------------------------------------------------------------------------------------------------------------------|
+| `jwks_url`              | The JSON web key sets url to fetch key sets validating the JWT token.                                                                                                                            | URL              | Not set, either this option or `decode_public_key` must be set to validate JWTs.                                  | 
+| `public_key`            | The path to PEM formatted public key used to decode the JWT token.                                                                                                                               | Filesystem path  | Not set, either this option `jwks_url` must be set to validate JWTs.                                              |
+| `validate_audience`     | Validate that the JWT token has the specified audience field.                                                                                                                                    | Array of strings | Optional. Does not validate the audience by default.                                                              |
+| `validate_issuer`       | Validate that the JWT token has the specified issuer field.                                                                                                                                      | Array of strings | Optional. Does not validate the issuer by default.                                                                |
+| `validate_subject`      | Validate that the JWT token has the specified subject field.                                                                                                                                     | Strings          | Optional. Does not validate the subject by default.                                                               |
+| `http`                  | Additionally enables client authentication, or sets non-native root certificates for TLS, or disables HTTP header caching. See [server configuration](#server-configuration) for more details.   | TOML table       | TLS is always allowed, however the default performs no client authentication and uses native root certificates.   |
 
 When JWT authentication is enabled, either `jwks_url` or `public_key` must be set to validate the JWT. The `auth` table
 can be set under the `data_server` or `ticket_server` table, or globally to use the same configuration for both. 
diff --git a/htsget-config/docs/examples/auth.toml b/htsget-config/docs/examples/auth.toml
@@ -12,16 +12,17 @@ jwks_url = "https://www.example.com/htsget"
 ## Alternatively use public key-based validation
 #public_key = "/path/to/jwt-public-key.pem"
 
-# Trusted authorization URLs
-trusted_authorization_urls = ["https://www.example.com/authorize"]
-# Optionally fetch the authorization url from the path in the JWT. Only
-# issues the request to the URL if it's also in `trusted_authorization_urls`.
-authorization_path = "$.authorization_url"
-
 validate_audience = ["htsget-server"]
 validate_issuer = ["https://www.example.com"]
 validate_subject = "htsget"
 
+# Authorization URLs, if using an authorization service.
+authorization_url = "https://www.example.com/authorize"
+# Forward the authorization header to the auth server.
+passthrough_auth = true
+## Any headers to forward
+#forward_headers = ["Content-Type"]
+
 ## Set client authentication
 #http.key = "key.pem"
 #http.cert = "cert.pem"
diff --git a/htsget-config/docs/examples/basic.toml b/htsget-config/docs/examples/basic.toml
@@ -5,4 +5,4 @@ ticket_server.addr = "127.0.0.1:8080"
 data_server.addr = "127.0.0.1:8081"
 
 # Serve data locally from the `data` directory or from an S3 bucket called `bucket` depending on the prefix.
-location = [ { location = "file://data", prefix = "file_prefix" }, { location = "s3://bucket", prefix = "s3_prefix" } ]
+locations = [ { location = "file://data", prefix = "file_prefix" }, { location = "s3://bucket", prefix = "s3_prefix" } ]
diff --git a/htsget-config/docs/examples/tls_ticket_server.toml b/htsget-config/docs/examples/tls_ticket_server.toml
@@ -2,7 +2,7 @@
 # Run with `cargo run -p htsget-axum --all-features -- --config htsget-config/docs/examples/tls_ticket_server.toml`
 
 ticket_server.addr = "0.0.0.0:8080"
-ticket_server.cors_allow_origins = "All"
+ticket_server.cors.allow_origins = "All"
 ticket_server.tls.cert = "cert.pem"
 ticket_server.tls.key = "key.pem"
 data_server.addr = "0.0.0.0:8081"
