docs: Update DSL cheat sheets.

documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md

@@ -66,6 +66,7 @@ The following defaults are applied:
 | [`base_url`](#authentication-strategies-auth0-base_url){: #authentication-strategies-auth0-base_url } | `(any, any -> any) \| module \| String.t` |  | The base URL of the OAuth2 server - including the leading protocol (ie `https://`).  Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`site`](#authentication-strategies-auth0-site){: #authentication-strategies-auth0-site } | `(any, any -> any) \| module \| String.t` |  | Deprecated: Use `base_url` instead. |
 | [`client_secret`](#authentication-strategies-auth0-client_secret){: #authentication-strategies-auth0-client_secret } | `(any, any -> any) \| module \| String.t` |  | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
+| [`trusted_audiences`](#authentication-strategies-auth0-trusted_audiences){: #authentication-strategies-auth0-trusted_audiences } | `(any, any -> any) \| module \| list(any) \| nil` |  | A list of audiences which are trusted. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`private_key`](#authentication-strategies-auth0-private_key){: #authentication-strategies-auth0-private_key } | `(any, any -> any) \| module \| String.t` |  | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`registration_enabled?`](#authentication-strategies-auth0-registration_enabled?){: #authentication-strategies-auth0-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
 | [`register_action_name`](#authentication-strategies-auth0-register_action_name){: #authentication-strategies-auth0-register_action_name } | `atom` |  | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the "Registration and Sign-in" section of the strategy docs for more. |

documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md

@@ -66,6 +66,7 @@ The following defaults are applied:
 | [`redirect_uri`](#authentication-strategies-github-redirect_uri){: #authentication-strategies-github-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` |  | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`site`](#authentication-strategies-github-site){: #authentication-strategies-github-site } | `(any, any -> any) \| module \| String.t` |  | Deprecated: Use `base_url` instead. |
 | [`client_secret`](#authentication-strategies-github-client_secret){: #authentication-strategies-github-client_secret } | `(any, any -> any) \| module \| String.t` |  | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
+| [`trusted_audiences`](#authentication-strategies-github-trusted_audiences){: #authentication-strategies-github-trusted_audiences } | `(any, any -> any) \| module \| list(any) \| nil` |  | A list of audiences which are trusted. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`private_key`](#authentication-strategies-github-private_key){: #authentication-strategies-github-private_key } | `(any, any -> any) \| module \| String.t` |  | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`registration_enabled?`](#authentication-strategies-github-registration_enabled?){: #authentication-strategies-github-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
 | [`register_action_name`](#authentication-strategies-github-register_action_name){: #authentication-strategies-github-register_action_name } | `atom` |  | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the "Registration and Sign-in" section of the strategy docs for more. |

documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md

@@ -68,6 +68,7 @@ The following defaults are applied:
 | [`redirect_uri`](#authentication-strategies-google-redirect_uri){: #authentication-strategies-google-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` |  | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`site`](#authentication-strategies-google-site){: #authentication-strategies-google-site } | `(any, any -> any) \| module \| String.t` |  | Deprecated: Use `base_url` instead. |
 | [`client_secret`](#authentication-strategies-google-client_secret){: #authentication-strategies-google-client_secret } | `(any, any -> any) \| module \| String.t` |  | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
+| [`trusted_audiences`](#authentication-strategies-google-trusted_audiences){: #authentication-strategies-google-trusted_audiences } | `(any, any -> any) \| module \| list(any) \| nil` |  | A list of audiences which are trusted. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`private_key`](#authentication-strategies-google-private_key){: #authentication-strategies-google-private_key } | `(any, any -> any) \| module \| String.t` |  | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`registration_enabled?`](#authentication-strategies-google-registration_enabled?){: #authentication-strategies-google-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
 | [`register_action_name`](#authentication-strategies-google-register_action_name){: #authentication-strategies-google-register_action_name } | `atom` |  | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the "Registration and Sign-in" section of the strategy docs for more. |

documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md

@@ -244,6 +244,7 @@ OAuth2 authentication
 | [`site`](#authentication-strategies-oauth2-site){: #authentication-strategies-oauth2-site } | `(any, any -> any) \| module \| String.t` |  | Deprecated: Use `base_url` instead. |
 | [`auth_method`](#authentication-strategies-oauth2-auth_method){: #authentication-strategies-oauth2-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. |
 | [`client_secret`](#authentication-strategies-oauth2-client_secret){: #authentication-strategies-oauth2-client_secret } | `(any, any -> any) \| module \| String.t` |  | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
+| [`trusted_audiences`](#authentication-strategies-oauth2-trusted_audiences){: #authentication-strategies-oauth2-trusted_audiences } | `(any, any -> any) \| module \| list(any) \| nil` |  | A list of audiences which are trusted. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`private_key`](#authentication-strategies-oauth2-private_key){: #authentication-strategies-oauth2-private_key } | `(any, any -> any) \| module \| String.t` |  | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`authorization_params`](#authentication-strategies-oauth2-authorization_params){: #authentication-strategies-oauth2-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
 | [`registration_enabled?`](#authentication-strategies-oauth2-registration_enabled?){: #authentication-strategies-oauth2-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |

documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md

@@ -87,6 +87,7 @@ all the same configuration options should you need them.
 | [`site`](#authentication-strategies-oidc-site){: #authentication-strategies-oidc-site } | `(any, any -> any) \| module \| String.t` |  | Deprecated: Use `base_url` instead. |
 | [`auth_method`](#authentication-strategies-oidc-auth_method){: #authentication-strategies-oidc-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. |
 | [`client_secret`](#authentication-strategies-oidc-client_secret){: #authentication-strategies-oidc-client_secret } | `(any, any -> any) \| module \| String.t` |  | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
+| [`trusted_audiences`](#authentication-strategies-oidc-trusted_audiences){: #authentication-strategies-oidc-trusted_audiences } | `(any, any -> any) \| module \| list(any) \| nil` |  | A list of audiences which are trusted. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`private_key`](#authentication-strategies-oidc-private_key){: #authentication-strategies-oidc-private_key } | `(any, any -> any) \| module \| String.t` |  | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
 | [`authorization_params`](#authentication-strategies-oidc-authorization_params){: #authentication-strategies-oidc-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
 | [`registration_enabled?`](#authentication-strategies-oidc-registration_enabled?){: #authentication-strategies-oidc-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
@@ -101,7 +102,6 @@ all the same configuration options should you need them.
 | [`id_token_signed_response_alg`](#authentication-strategies-oidc-id_token_signed_response_alg){: #authentication-strategies-oidc-id_token_signed_response_alg } | `"HS256" \| "HS384" \| "HS512" \| "RS256" \| "RS384" \| "RS512" \| "ES256" \| "ES384" \| "ES512" \| "PS256" \| "PS384" \| "PS512" \| "Ed25519" \| "Ed25519ph" \| "Ed448" \| "Ed448ph" \| "EdDSA"` | `"RS256"` | The `id_token_signed_response_alg` parameter sent by the Client during Registration. |
 | [`id_token_ttl_seconds`](#authentication-strategies-oidc-id_token_ttl_seconds){: #authentication-strategies-oidc-id_token_ttl_seconds } | `nil \| pos_integer` |  | The number of seconds from `iat` that an ID Token will be considered valid. |
 | [`nonce`](#authentication-strategies-oidc-nonce){: #authentication-strategies-oidc-nonce } | `boolean \| (any, any -> any) \| module \| String.t` | `true` | A function for generating the session nonce, `true` to automatically generate it with `AshAuthetnication.Strategy.Oidc.NonceGenerator`, or `false` to disable. |
-| [`trusted_audiences`](#authentication-strategies-oidc-trusted_audiences){: #authentication-strategies-oidc-trusted_audiences } | `nil \| list(String.t)` |  | A list of audiences which are trusted. |