|
4 | 4 | How to use Access Token Authentication
|
5 | 5 | ======================================
|
6 | 6 |
|
7 |
| -Access tokens are commonly used in API contexts. The access token is is obtained |
| 7 | +Access tokens are commonly used in API contexts. The access token is obtained |
8 | 8 | through an authorization server (or similar) whose role is to verify the user identity
|
9 | 9 | and receive consent before the token is issued.
|
10 | 10 |
|
11 | 11 | Access Tokens can be of any kind: opaque strings, Json Web Tokens (JWT) or SAML2 (XML structures).
|
| 12 | +Please refer to the `RFC6750`_: *The OAuth 2.0 Authorization Framework: Bearer Token Usage*. |
12 | 13 |
|
13 | 14 | Using the Access Token Authenticator
|
14 | 15 | ----------------------------------
|
@@ -100,6 +101,11 @@ where participating browsers do not have access to the "Authorization" request h
|
100 | 101 |
|
101 | 102 | In other words: ``query_token`` and ``body_token` authenticators are not recommended.
|
102 | 103 |
|
| 104 | +Customizing the Authenticators |
| 105 | +------------------------------ |
| 106 | +
|
| 107 | +
|
| 108 | +
|
103 | 109 | Customizing the Success Handler
|
104 | 110 | -------------------------------
|
105 | 111 |
|
@@ -146,3 +152,5 @@ Then, configure this service ID as the ``success_handler``:
|
146 | 152 | If you want to customize the default failure handling, use the
|
147 | 153 | ``failure_handler`` option and create a class that implements
|
148 | 154 | :class:`Symfony\\Component\\Security\\Http\\Authentication\\AuthenticationFailureHandlerInterface`.
|
| 155 | + |
| 156 | +.. _`RFC6750`: https://datatracker.ietf.org/doc/html/rfc6750 |
0 commit comments