add documentation BearerTokenResolver with snippets #7250
Conversation
|
@jzheaux , please see it. |
spring-projects-issues
added
the
status: waiting-for-triage
jzheaux
added
in: docs
|
|
||
| == BearerTokenResolver | ||
|
|
||
| With interface BearerTokenResolver you can provide a strategy to resolve a bearer token. |
There was a problem hiding this comment.
When referring to class names, and other inlined code, please use backticks, e.g. BearerTokenResolver
|
|
||
| With interface BearerTokenResolver you can provide a strategy to resolve a bearer token. | ||
|
|
||
| The interface provides the next method: |
There was a problem hiding this comment.
Instead of showing the interface, could you show example usage? Specifically, I'm thinking it would be nice for the documentation to show how to do 1. form-based bearer tokens and 2. a custom header name.
There was a problem hiding this comment.
@jzheaux , 1) Can you explain more about it? is It like Loosely Coupling? When we take parameters and generate a token? 2) We can provide a link to code with HeaderBearerTokenResolver.
There was a problem hiding this comment.
Good questions.
For the first, there is a setting, DefaultBearerTokenResolver#setAllowFormEncodedBodyParameter. The spec allows for passing the bearer token via a form parameter instead of a header.
For the second (and in general), I recommend that the code be inlined, so the reader can see example usage in the context of your explanation. For example, you can imagine documentation written like this:
Or, we may need to use a custom header name, like when using Google Cloud's IAP Proxy authentication:
http .oauth2ResourceServer() .bearerTokenResolver(new HeaderBearerTokenResolver("x-goog-iap-jwt-assertion"))
|
@kostya05983 thanks for your contributions here! I've merged your PR via 69a4848, and then I realized that it needed to be in the servlet docs, so I moved it and added a couple of examples via 5d0e80c |
Add docs to BearerTokenResolver with snippets, snippet is taken from existing code base.
gh-6254