Address PR Feedback

CHANGELOG.md

@@ -6,7 +6,7 @@ Canonical reference for changes, improvements, and bugfixes for the Boundary Ter
 
 ### New and Improved
 
-* Add support for OIDC prompt. Prompts are optional OIDC parameters that determine the behavior of the authentication server.
+* Add support for OIDC prompts. Using prompts, the Relying Party (RP) can customize the authentication and authorization flow to suit their specific needs and improve the user experience. [OIDC Authentication request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) server.
   ([PR](https://github.com/hashicorp/terraform-provider-boundary/pull/519))
 
 ## 1.1.10 (October 11, 2023)

docs/resources/auth_method_oidc.md

@@ -81,7 +81,7 @@ resource "boundary_auth_method_oidc" "oidc_with_multiple_prompts" {
 - `issuer` (String) The issuer corresponding to the provider, which must match the issuer field in generated tokens.
 - `max_age` (Number) The max age to provide to the provider, indicating how much time is allowed to have passed since the last authentication before the user is challenged again. A value of 0 sets an immediate requirement for all users to reauthenticate, and an unset maxAge results in a Terraform value of -1 and the default TTL of the chosen OIDC will be used.
 - `name` (String) The auth method name. Defaults to the resource name.
-- `prompts` (List of String) The prompts passed to the identity provider to determine whether to prompt the end-user for reauthentication, account selection or consent. Please note the values passed are case-sensitive.
+- `prompts` (List of String) The prompts passed to the identity provider to determine whether to prompt the end-user for reauthentication, account selection or consent. Please note the values passed are case-sensitive. The valid values are: `none`, `login`, `consent` and `select_account`.
 - `signing_algorithms` (List of String) Allowed signing algorithms for the provider's issued tokens.
 - `state` (String) Can be one of 'inactive', 'active-private', or 'active-public'. Currently automatically set to active-public.
 - `type` (String) The type of auth method; hardcoded.

internal/provider/resource_auth_method_oidc.go

@@ -149,8 +149,8 @@ func resourceAuthMethodOidc() *schema.Resource {
 				Optional: true,
 			},
 			authmethodOidcPromptsKey: {
-				Description: `The prompts passed to the identity provider to determine whether to prompt the end-user for reauthentication, account selection or consent. ` +
-					`Please note the values passed are case-sensitive.`,
+				Description: "The prompts passed to the identity provider to determine whether to prompt the end-user for reauthentication, account selection or consent. " +
+					"Please note the values passed are case-sensitive. The valid values are: `none`, `login`, `consent` and `select_account`. ",
 				Type: schema.TypeList,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
@@ -337,8 +337,8 @@ func resourceAuthMethodOidcCreate(ctx context.Context, d *schema.ResourceData, m
 
 	if prompts, ok := d.GetOk(authmethodOidcPromptsKey); ok {
 		promptList := []string{}
-		for _, c := range prompts.([]interface{}) {
-			promptList = append(promptList, c.(string))
+		for _, p := range prompts.([]interface{}) {
+			promptList = append(promptList, p.(string))
 		}
 		opts = append(opts, authmethods.WithOidcAuthMethodPrompts(promptList))
 	}
@@ -561,8 +561,8 @@ func resourceAuthMethodOidcUpdate(ctx context.Context, d *schema.ResourceData, m
 	if d.HasChange(authmethodOidcPromptsKey) {
 		if prompts, ok := d.GetOk(authmethodOidcPromptsKey); ok {
 			var promptsList []string
-			for _, alg := range prompts.([]interface{}) {
-				promptsList = append(promptsList, alg.(string))
+			for _, prompt := range prompts.([]interface{}) {
+				promptsList = append(promptsList, prompt.(string))
 			}
 			opts = append(opts, authmethods.WithOidcAuthMethodPrompts(promptsList))
 		}