fix: revert mod_auth_openidc part overriden by mod_oauth2

docs-cs/Jiné aplikace/Apache web server/mod_auth_openidc.md

@@ -19,18 +19,38 @@ Jedná se o modul pro Apache web server pro připojení aplikace nebo webu bez z
 ## Konfigurace
 
 1. Nainstalujte následující balíčky (v některých Linuxových distribucích dostupné z apt repozitářů):
-   1. [liboauth2](https://github.com/zmartzone/liboauth2/releases)
-   2. [mod_oauth2](https://github.com/zmartzone/mod_oauth2/releases)
-   3. [mod_auth_openidc](https://github.com/zmartzone/mod_auth_openidc/releases)
+    1. [liboauth2](https://github.com/zmartzone/liboauth2/releases)
+    2. [mod_oauth2](https://github.com/zmartzone/mod_oauth2/releases)
+    3. [mod_auth_openidc](https://github.com/zmartzone/mod_auth_openidc/releases)
 2. Do konfigurace **Apache VirtualHost** (většinou v **/etc/apache2/sites-enabled/\*.conf**) vložte následující:
 
-```apacheconf
-   AuthType oauth2
-   OAuth2TokenVerify metadata %OIDC_WELL_KNOWN_URI% introspect.auth=client_secret_basic&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET
-   OAuth2AcceptTokenIn header name=Authorization&type=bearer
-   require valid-user
-```
+    ```apacheconf
+    OIDCProviderMetadataURL %OIDC_WELL_KNOWN_URI%
+    OIDCClientID YOUR_CLIENT_ID
+    OIDCClientSecret YOUR_CLIENT_SECRET
+    OIDCRedirectURI https://sp.example.org/secure/redirect_uri
+    OIDCCryptoPassphrase "exec:/bin/bash -c \"head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32\""
+    OIDCScope "openid"
+    
+    <Location /secure/>
+        AuthType openid-connect
+        Require valid-user
+    </Location>
+    ```
+
+3. Pokud je podporováno PKCE, přidejte:
+
+    ```apacheconf
+    OIDCPKCEMethod S256
+    ```
+
+4. Do části Apache konfigurace, která zpřístupňuje aplikaci/web (např. blok Location, který obsahuje direktivu ProxyPass), přidejte:
+
+    ```apacheconf
+    AuthType openid-connect
+    Require valid-user
+    ```
 
 ## Další zdroje
 
-- Ukázková konfigurace s dalšími možnostmi nastavení: [https://github.com/OpenIDC/mod_auth_openidc/blob/master/auth_openidc.conf](https://github.com/OpenIDC/mod_auth_openidc/blob/master/auth_openidc.conf)
+Ukázková konfigurace s dalšími možnostmi nastavení: [https://github.com/OpenIDC/mod_auth_openidc/blob/master/auth_openidc.conf](https://github.com/OpenIDC/mod_auth_openidc/blob/master/auth_openidc.conf)

docs-en/Other applications/Apache web server/mod_auth_openidc.md

@@ -25,10 +25,30 @@ An Apache web server module for integrating applications or websites without OID
 2. Add the following to the **Apache VirtualHost** configuration (usually located in **/etc/apache2/sites-enabled/\*.conf**)
 
     ```apacheconf
-    AuthType oauth2
-    OAuth2TokenVerify metadata %OIDC_WELL_KNOWN_URI% introspect.auth=client_secret_basic&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET
-    OAuth2AcceptTokenIn header name=Authorization&type=bearer
-    require valid-user
+    OIDCProviderMetadataURL %OIDC_WELL_KNOWN_URI%
+    OIDCClientID YOUR_CLIENT_ID
+    OIDCClientSecret YOUR_CLIENT_SECRET
+    OIDCRedirectURI https://sp.example.org/secure/redirect_uri
+    OIDCCryptoPassphrase "exec:/bin/bash -c \"head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32\""
+    OIDCScope "openid"
+    
+    <Location /secure/>
+        AuthType openid-connect
+        Require valid-user
+    </Location>
+    ```
+
+3. If PKCE is supported, add the following:
+
+    ```apacheconf
+    OIDCPKCEMethod S256
+    ```
+
+4. Into the block of Apache configuration, which serves your application/website (e.g. the location block which contains ProxyPass), add the following:
+
+    ```apacheconf
+    AuthType openid-connect
+    Require valid-user
     ```
 
 ## Additional resources