docs(auth): improve docs of Jwt struct (#2223)

This commit is contained in:
David Bottiau 2023-07-04 22:15:20 +02:00 committed by GitHub
parent b338472cab
commit 650eaab179
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -86,10 +86,14 @@ impl<T, P> Credentials<T, Jwt> for Scope<'_, P> where P: Serialize {}
/// A JSON Web Token for authenticating with the server.
///
/// This struct represents a JSON Web Token (JWT) that can be used for authentication purposes.
/// It is important to note that this implementation does not provide any security measures to
/// protect the token.
/// It is important to note that this implementation provide some security measures to
/// protect the token:
/// * the debug implementation just prints `Jwt(REDACTED)`,
/// * `Display` is not implemented so you can't call `.to_string()` on it
///
/// You should take care to ensure that only authorized users have access to the JWT.
/// You can still have access to the token string using either
/// [`as_insecure_token`](Jwt::as_insecure_token) or [`into_insecure_token`](Jwt::into_insecure_token) functions.
/// However, you should take care to ensure that only authorized users have access to the JWT.
/// For example:
/// * it can be stored in a secure cookie,
/// * stored in a database with restricted access,