Merge pull request rails#49487 from yawboakye/clarify-login-procedure-expectation

rafaelfranca · web-flow · commit 9667e4a09cc5 · 2023-10-05T01:56:42.000+02:00
Clarify `login_procedure`'s responsibility during request authentication
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -424,7 +424,9 @@ module Token
 
       module ControllerMethods
         # Authenticate using an HTTP Bearer token, or otherwise render an HTTP
-        # header requesting the client to send a Bearer token.
+        # header requesting the client to send a Bearer token. For the authentication
+        # to be considered successful, `login_procedure` should return a non-nil
+        # value. Typically, the authenticated user is returned.
         #
         # See ActionController::HttpAuthentication::Token for example usage.
         def authenticate_or_request_with_http_token(realm = "Application", message = nil, &login_procedure)
