Commit 51e170b

Tweaks
1 parent 9193745 commit 51e170b

1 file changed

+38
-45
lines changed

security/access_token.rst

Lines changed: 38 additions & 45 deletions
@@ -343,9 +343,11 @@ and configure the service ID as the ``success_handler``:
343343
Using OpenID Connect (OIDC)
344344
---------------------------
345345

346-
`OpenID Connect (OIDC)`_ is the third generation of OpenID technology and it's a RESTful HTTP API that uses
347-
JSON as its data format. OpenID Connect is an authentication layer on top of the OAuth 2.0 authorization framework.
348-
It allows to verify the identity of an end user based on the authentication performed by an authorization server.
346+
`OpenID Connect (OIDC)`_ is the third generation of OpenID technology and it's a
347+
RESTful HTTP API that uses JSON as its data format. OpenID Connect is an
348+
authentication layer on top of the OAuth 2.0 authorization framework. It allows
349+
to verify the identity of an end user based on the authentication performed by
350+
an authorization server.
349351

350352
.. caution::
351353

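Review bot: The rewrapped paragraph keeps the ungrammatical "It allows to verify the identity of an end user" at new lines 348-349. Since the sentence is being touched anyway, change it to "It allows verifying the identity of an end user" or "It lets you verify the identity of an end user". The rest of this hunk is a pure reflow, so the fix fits in the same commit.
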
@@ -358,15 +360,15 @@ It allows to verify the identity of an end user based on the authentication perf
358360

359361
The ``OidcUserInfoTokenHandler`` class was introduced in Symfony 6.3.
360362

361-
.. note::
363+
The ``OidcUserInfoTokenHandler`` requires the ``symfony/http-client`` package to
364+
make the needed HTTP requests. If you haven't installed it yet, run this command:
362365

363-
The ``OidcUserInfoTokenHandler`` requires ``symfony/http-client`` package:
364-
365-
.. code-block:: terminal
366+
.. code-block:: terminal
366367
367-
$ composer require symfony/http-client
368+
$ composer require symfony/http-client
368369
369-
Symfony provides a generic OidcUserInfoTokenHandler to call your OIDC server and retrieve the user info:
370+
Symfony provides a generic ``OidcUserInfoTokenHandler`` to call your OIDC server
371+
and retrieve the user info:
370372

371373
.. configuration-block::
372374

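Review bot: In new lines 363-368 the install instructions now come before the sentence at 370-371 that says what the handler does ("to call your OIDC server and retrieve the user info"), so the reader is told to install a package for a feature that has not been introduced yet. Consider moving that sentence above the ``symfony/http-client`` requirement, which also makes "the needed HTTP requests" self-explanatory.
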
@@ -422,11 +424,8 @@ Symfony provides a generic OidcUserInfoTokenHandler to call your OIDC server and
422424
;
423425
};
424426
425-
.. tip::
426-
427-
Following the `OpenID Connect Specification`_, the `sub` claim
428-
is used as user identifier by default. To use another claim,
429-
specify it on the configuration:
427+
Following the `OpenID Connect Specification`_, the ``sub`` claim is used as user
428+
identifier by default. To use another claim, specify it on the configuration:
430429

431430
.. configuration-block::
432431

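Review bot: New lines 427-428 invite the reader to swap ``sub`` for another claim without saying what that claim has to guarantee. Because the chosen claim becomes the user identifier, add a sentence stating that it must be unique and stable for each user. Minor wording: "specify it on the configuration" reads better as "specify it in the configuration", and "as user identifier" as "as the user identifier".
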
@@ -484,12 +483,9 @@ Symfony provides a generic OidcUserInfoTokenHandler to call your OIDC server and
484483
;
485484
};
486485
487-
.. tip::
488-
489-
The ``oidc_user_info`` token handler automatically creates
490-
an HTTP client with the specified configuration. If you
491-
prefer using your own client, you can specify the service
492-
name via the ``client`` option:
486+
The ``oidc_user_info`` token handler automatically creates an HTTP client with
487+
the specified configuration. If you prefer using your own client, you can
488+
specify the service name via the ``client`` option:
493489

494490
.. configuration-block::
495491

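Review bot: New lines 486-488 say the handler builds its HTTP client "with the specified configuration" but not what happens to that configuration once ``client`` points at your own service. State whether the custom client has to carry the OIDC server settings itself, so a reader does not assume both apply.
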
@@ -541,8 +537,9 @@ Symfony provides a generic OidcUserInfoTokenHandler to call your OIDC server and
541537
;
542538
};
543539
544-
By default, the ``OidcUserInfoTokenHandler`` creates an OidcUser with the claims. To create your own User from the
545-
claims, you must :doc:`create your own UserProvider </security/user_providers>`::
540+
By default, the ``OidcUserInfoTokenHandler`` creates an ``OidcUser`` with the
541+
claims. To create your own user object from the claims, you must
542+
:doc:`create your own UserProvider </security/user_providers>`::
546543

547544
// src/Security/Core/User/OidcUserProvider.php
548545
use Symfony\Component\Security\Core\User\AttributesBasedUserProviderInterface;
@@ -551,7 +548,7 @@ claims, you must :doc:`create your own UserProvider </security/user_providers>`:
551548
{
552549
public function loadUserByIdentifier(string $identifier, array $attributes = []): UserInterface
553550
{
554-
// do some magic
551+
// implement your own logic to load and return the user object
555552
}
556553
}
557554

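Review bot: The stub at new line 551 still has no ``return`` or ``throw`` although ``loadUserByIdentifier()`` declares a ``UserInterface`` return type, so the example fails as soon as it is copied and called. Add a placeholder that returns the user object, or make the comment say that the method must return a ``UserInterface`` built from ``$identifier`` and ``$attributes``. The new comment does not mention ``$attributes`` at all, and it is the only parameter that can carry the claims the paragraph above talks about.
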
@@ -562,18 +559,18 @@ claims, you must :doc:`create your own UserProvider </security/user_providers>`:
562559

563560
The ``OidcTokenHandler`` class was introduced in Symfony 6.3.
564561

565-
.. note::
562+
The ``OidcTokenHandler`` requires ``web-token/jwt-signature``,
563+
``web-token/jwt-checker`` and ``web-token/jwt-signature-algorithm-ecdsa``
564+
packages. If you haven't installed them yet, run these commands:
566565

567-
The ``OidcTokenHandler`` requires ``web-token/jwt-signature``, ``web-token/jwt-checker`` and
568-
``web-token/jwt-signature-algorithm-ecdsa`` packages:
569-
570-
.. code-block:: terminal
566+
.. code-block:: terminal
571567
572-
$ composer require web-token/jwt-signature
573-
$ composer require web-token/jwt-checker
574-
$ composer require web-token/jwt-signature-algorithm-ecdsa
568+
$ composer require web-token/jwt-signature
569+
$ composer require web-token/jwt-checker
570+
$ composer require web-token/jwt-signature-algorithm-ecdsa
575571
576-
Symfony provides a generic OidcTokenHandler to decode your token, validate it and retrieve the user info from it:
572+
Symfony provides a generic ``OidcTokenHandler`` to decode your token, validate
573+
it and retrieve the user info from it:
577574

578575
.. configuration-block::
579576

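Review bot: New lines 572-573 say the handler will "decode your token, validate it" without naming what is validated. On a security page, list the checks that are performed (the required packages suggest signature and claim checking) so readers know what they still have to verify themselves. Also, the three ``composer require`` lines at 568-570 can be a single command that names all three packages.
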
@@ -633,11 +630,9 @@ Symfony provides a generic OidcTokenHandler to decode your token, validate it an
633630
;
634631
};
635632
636-
.. tip::
637-
638-
Following the `OpenID Connect Specification`_, the `sub` claim
639-
is used by default as user identifier. To use another claim,
640-
specify it on the configuration:
633+
Following the `OpenID Connect Specification`_, the ``sub`` claim is used by
634+
default as user identifier. To use another claim, specify it on the
635+
configuration:
641636

642637
.. configuration-block::
643638

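Review bot: New lines 633-635 word the default as "used by default as user identifier", while the matching paragraph for ``oidc_user_info`` at new lines 427-428 says "used as user identifier by default". Pick one wording and use it in both places, so the two sections read as the same rule.
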
@@ -697,11 +692,8 @@ Symfony provides a generic OidcTokenHandler to decode your token, validate it an
697692
;
698693
};
699694
700-
.. tip::
701-
702-
The ``oidc`` token handler also check for the token audience.
703-
By default, this audience is optional. To enable this check,
704-
add the ``audience`` option:
695+
The ``oidc`` token handler also checks for the token audience. By default, this
696+
audience is optional. To enable this check, add the ``audience`` option:
705697

706698
.. configuration-block::
707699

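Review bot: New lines 695-696 contradict themselves: the handler "also checks for the token audience", yet the check has to be enabled by adding ``audience``. Reword to "can also check" and state plainly that no audience check is performed unless the option is set. With the ``.. tip::`` wrapper removed, this security-relevant default no longer stands out, so consider a ``.. caution::`` block like the one already used earlier in this file.
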
@@ -761,8 +753,9 @@ Symfony provides a generic OidcTokenHandler to decode your token, validate it an
761753
;
762754
};
763755
764-
By default, the OidcTokenHandler creates an OidcUser with the claims. To create your own User from the claims,
765-
you must :doc:`create your own UserProvider </security/user_providers>`::
756+
By default, the ``OidcTokenHandler`` creates an ``OidcUser`` with the claims. To
757+
create your own User from the claims, you must
758+
:doc:`create your own UserProvider </security/user_providers>`::
766759

767760
// src/Security/Core/User/OidcUserProvider.php
768761
use Symfony\Component\Security\Core\User\AttributesBasedUserProviderInterface;
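
Review bot: New line 757 keeps "create your own User from the claims", while the twin paragraph at new line 541 was changed to "create your own user object from the claims". Apply the same wording here so the two sections stay in sync.
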
@@ -771,7 +764,7 @@ you must :doc:`create your own UserProvider </security/user_providers>`::
771764
{
772765
public function loadUserByIdentifier(string $identifier, array $attributes = []): UserInterface
773766
{
774-
// do some magic
767+
// implement your own logic to load and return the user object
775768
}
776769
}
777770

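Review bot: This is the second verbatim copy of the ``OidcUserProvider`` stub (the same comment change appears at new line 551), so every edit to the example has to be made twice, as this commit shows. Consider keeping one copy and pointing the other section at it with a cross-reference.
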