Polish "Document audience support in Oauth2 resource server"

wilkinsona · wilkinsona · commit f452a8617518 · 2023-05-25T14:11:44.000+01:00
See gh-35286
diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc
@@ -201,8 +201,21 @@ For JWT configuration, a JWK Set URI or OIDC Issuer URI needs to be specified, a
 NOTE: If the authorization server does not support a JWK Set URI, you can configure the resource server with the Public Key used for verifying the signature of the JWT.
 This can be done using the configprop:spring.security.oauth2.resourceserver.jwt.public-key-location[] property, where the value needs to point to a file containing the public key in the PEM-encoded x509 format.
 
-The same properties are applicable for both servlet and reactive applications.
+The configprop:spring.security.oauth2.resourceserver.jwt.audiences[] property can be used to specifify the expected values of the aud claim in JWTs.
+For example, to require JWTs to contain an aud claim with the value `my-audience`:
 
+[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
+----
+	spring:
+	  security:
+	    oauth2:
+	      resourceserver:
+	        jwt:
+	          audiences:
+	            - "my-audience"
+----
+
+The same properties are applicable for both servlet and reactive applications.
 Alternatively, you can define your own `JwtDecoder` bean for servlet applications or a `ReactiveJwtDecoder` for reactive applications.
 
 In cases where opaque tokens are used instead of JWTs, you can configure the following properties to validate tokens through introspection:
@@ -220,25 +233,9 @@ In cases where opaque tokens are used instead of JWTs, you can configure the fol
 ----
 
 Again, the same properties are applicable for both servlet and reactive applications.
-
 Alternatively, you can define your own `OpaqueTokenIntrospector` bean for servlet applications or a `ReactiveOpaqueTokenIntrospector` for reactive applications.
 
-To enable audience validation, set the `configprop:spring.security.oauth2.resourceserver.jwt.audiences[]` property in your Spring Boot application
-configuration file. This property specifies the expected value(s) of the aud claim in JWTs.
-
-For example, to expect the JWTs to contain an aud claim with the value `my-audience`, you can add the following line to your 
-application.properties file:
 
-[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
-----
-	spring:
-	  security:
-	    oauth2:
-	      resourceserver:
-	        jwt:
-	          audiences:
-	            - "my-audience"
-----
 
 [[web.security.oauth2.authorization-server]]
 ==== Authorization Server
