Update JWT documentation to recommend only using jwt_header or audit logging not both (#5914)

* readd auth token doc

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Fix vale

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Apply suggestions from code review

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Apply suggestions from code review

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Fix embedded command

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Blank lines after headings

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* change

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Style guidelines

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Update _security/access-control/authentication-tokens.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Apply suggestions from code review

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update _security/access-control/authentication-tokens.md

Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* warn about audit logging of custom headers

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Update _security/authentication-backends/jwt.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

---------

Signed-off-by: Stephen Crawford <steecraw@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

_security/authentication-backends/jwt.md

@@ -116,7 +116,7 @@ The following table lists the configuration parameters.
 Name | Description
 :--- | :---
 `signing_key` | The signing key to use when verifying the token. If you use a symmetric key algorithm, it is the base64-encoded shared secret. If you use an asymmetric algorithm, it contains the public key.
-`jwt_header` | The HTTP header in which the token is transmitted. This is typically the `Authorization` header with the `Bearer` schema: `Authorization: Bearer <token>`. Default is `Authorization`.
+`jwt_header` | The HTTP header in which the token is transmitted. This is typically the `Authorization` header with the `Bearer` schema,`Authorization: Bearer <token>`. Default is `Authorization`. Replacing this field with a value other than `Authorization` prevents the audit log from properly redacting the JWT header from audit messages. It is recommended that users only use  `Authorization` when using JWTs with audit logging. 
 `jwt_url_parameter` | If the token is not transmitted in the HTTP header but rather as an URL parameter, define the name of the parameter here.
 `subject_key` | The key in the JSON payload that stores the username. If not set, the [subject](https://tools.ietf.org/html/rfc7519#section-4.1.2) registered claim is used.
 `roles_key` | The key in the JSON payload that stores the user's roles. The value of this key must be a comma-separated list of roles.