|
4 | 4 | How to use Access Token Authentication |
5 | 5 | ====================================== |
6 | 6 |
|
7 | | -Access tokens are commonly used in API contexts. The access token is is obtained |
| 7 | +Access tokens are commonly used in API contexts. The access token is obtained |
8 | 8 | through an authorization server (or similar) whose role is to verify the user identity |
9 | 9 | and receive consent before the token is issued. |
10 | 10 |
|
11 | 11 | Access Tokens can be of any kind: opaque strings, Json Web Tokens (JWT) or SAML2 (XML structures). |
| 12 | +Please refer to the `RFC6750`_: *The OAuth 2.0 Authorization Framework: Bearer Token Usage*. |
12 | 13 |
|
13 | 14 | Using the Access Token Authenticator |
14 | 15 | ---------------------------------- |
@@ -100,6 +101,11 @@ where participating browsers do not have access to the "Authorization" request h |
100 | 101 |
|
101 | 102 | In other words: ``query_token`` and ``body_token` authenticators are not recommended. |
102 | 103 |
|
| 104 | +Customizing the Authenticators |
| 105 | +------------------------------ |
| 106 | +
|
| 107 | +
|
| 108 | +
|
103 | 109 | Customizing the Success Handler |
104 | 110 | ------------------------------- |
105 | 111 |
|
@@ -146,3 +152,5 @@ Then, configure this service ID as the ``success_handler``: |
146 | 152 | If you want to customize the default failure handling, use the |
147 | 153 | ``failure_handler`` option and create a class that implements |
148 | 154 | :class:`Symfony\\Component\\Security\\Http\\Authentication\\AuthenticationFailureHandlerInterface`. |
| 155 | + |
| 156 | +.. _`RFC6750`: https://datatracker.ietf.org/doc/html/rfc6750 |
0 commit comments