From c8a3bbd8113f41dacddfb8df9ecb35cfd10fd665 Mon Sep 17 00:00:00 2001
From: arcuri82
Date: Fri, 31 Oct 2025 10:17:47 +0100
Subject: [PATCH 1/3] auth: adding extractFromHeader and headerPostfix in TokenHandling
---
 src/main/resources/wfc/schemas/auth.yaml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/main/resources/wfc/schemas/auth.yaml b/src/main/resources/wfc/schemas/auth.yaml
index 2bcb24c..de270b8 100644
--- a/src/main/resources/wfc/schemas/auth.yaml
+++ b/src/main/resources/wfc/schemas/auth.yaml
@@ -137,13 +137,21 @@ $defs:
 description: "How to extract the token from a JSON response, as such JSON could have few fields, possibly nested. \
 It is expressed as a JSON Pointer (RFC 6901)."
 type: string
+ extractFromHeader:
+ description: "If the token is sent by the auth server in a HTTP header of the response, specify the name of the \
+ HTTP header (e.g., 'X-Auth-Token') where the token should be extracted from."
 httpHeaderName:
 description: "When sending a token in an HTTP header, specify to which header to add it (e.g., 'Authorization')."
 type: string
 headerPrefix:
- description: " When sending out the obtained token in an HTTP header, specify if there should be any \
+ description: "When sending out the obtained token in an HTTP header, specify if there should be any \
 prefix (e.g., 'Bearer ' or 'JWT '). If needed, make sure it has trailing space(s)."
 type: string
+ headerPostfix:
+ description: "When sending out the obtained token in an HTTP header, specify if there should be any predefined \
+ postfix string to append after the token. For example, if the token value must be inside quotes '',
+ then the closing quote ' can be specified in this postfix."
+ type: string
 ###
 PayloadUsernamePassword:
 description: "Payload with username and password information. \
From bddae699284d06f8f540ee142c7d8fa4b61e005a Mon Sep 17 00:00:00 2001
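Review bot: The added `extractFromHeader` property has a description but no `type`, so unlike the neighbouring properties it accepts any JSON value; add `type: string` under it. With this property in place a configuration can also set both the JSON-pointer extraction and the header extraction at once, and nothing in the visible descriptions says which one takes effect, so the description should state the precedence or the two should be made mutually exclusive. The TokenHandling definition starts above this hunk.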
From: arcuri82
Date: Wed, 5 Nov 2025 10:41:47 +0100
Subject: [PATCH 2/3] improved TokenHandling
---
 src/main/resources/wfc/schemas/auth.yaml | 50 ++++++++++++++++--------
 1 file changed, 33 insertions(+), 17 deletions(-)
diff --git a/src/main/resources/wfc/schemas/auth.yaml b/src/main/resources/wfc/schemas/auth.yaml
index de270b8..ae86ebe 100644
--- a/src/main/resources/wfc/schemas/auth.yaml
+++ b/src/main/resources/wfc/schemas/auth.yaml
@@ -129,29 +129,45 @@ $defs:
 required: ["verb"]
 ###
 TokenHandling:
- description: "Specify how to extract token from response, and how to use it for auth in following requests. \
+ description: "Specify how to extract the token from the HTTP response, and how to use it for auth in following requests. \
 Not needed if rather expect to get back a cookie."
 type: object
 properties:
- extractFromField:
- description: "How to extract the token from a JSON response, as such JSON could have few fields, possibly nested. \
- It is expressed as a JSON Pointer (RFC 6901)."
+ extractFrom:
+ description: "Specify from where the token should be extracted in the HTTP response."
 type: string
- extractFromHeader:
- description: "If the token is sent by the auth server in a HTTP header of the response, specify the name of the \
- HTTP header (e.g., 'X-Auth-Token') where the token should be extracted from."
- httpHeaderName:
- description: "When sending a token in an HTTP header, specify to which header to add it (e.g., 'Authorization')."
+ enum: ["body", "header"]
+ extractSelector:
+ description: "How to extract the token from the HTTP response. \
+ This depends on where the token is located. \
+ For a 'body' location, the returned body payload like a JSON could have few fields, possibly nested. \
+ In this case, this selector is expressed as a JSON Pointer (RFC 6901). \
+ For a 'header' location, this selector would represent the name of the HTTP header (e.g., 'X-Auth-Token')."
 type: string
- headerPrefix:
- description: "When sending out the obtained token in an HTTP header, specify if there should be any \
- prefix (e.g., 'Bearer ' or 'JWT '). If needed, make sure it has trailing space(s)."
+ sendIn:
+ description: "The obtained auth token could be send for authentication in following requests in different ways. \
+ For example, in a HTTP header (e.g., 'Authorization') or a query parameter."
 type: string
- headerPostfix:
- description: "When sending out the obtained token in an HTTP header, specify if there should be any predefined \
- postfix string to append after the token. For example, if the token value must be inside quotes '',
- then the closing quote ' can be specified in this postfix."
+ enum: ["header", "query"]
+ sendName:
+ description: "Header or query name where the token should be put in the authenticated requests. \
+ Typically, for a header, this would be 'Authorization'."
 type: string
+ examples:
+ - "Authorization"
+ sendFormat:
+ description: "Template with {token} placeholder. \
+ The placeholder will be interpolated with the actual token value. \
+ When sending out the obtained token in an HTTP request, specify if there should be any other \
+ text information around it. \
+ For example, when sending the token in an 'Authorization' header, possible \
+ values could be 'Bearer {token}' and 'JWT {token}'."
+ type: string
+ default: "{token}"
+ examples:
+ - "Bearer {token}"
+ - "JWT {token}"
+ required: ["extractFrom", "extractSelector", "sendIn", "sendName"]
 ###
 PayloadUsernamePassword:
 description: "Payload with username and password information. \
@@ -170,4 +186,4 @@ $defs:
 passwordField:
 description: "The name of the field in the body payload containing the password"
 type: string
- required: ["username","usernameField","password","passwordField"]
\ No newline at end of file
+ required: ["username","usernameField","password","passwordField"]
From 2d73ede1dbf98d28b5e661213d6b83b5b5fdba9e Mon Sep 17 00:00:00 2001
From: arcuri82
Date: Fri, 14 Nov 2025 09:42:16 +0100
Subject: [PATCH 3/3] renamed property into sendTemplate
---
 src/main/resources/wfc/schemas/auth.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/resources/wfc/schemas/auth.yaml b/src/main/resources/wfc/schemas/auth.yaml
index ae86ebe..acd64cb 100644
--- a/src/main/resources/wfc/schemas/auth.yaml
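Review bot: `sendFormat` is described as a template with a `{token}` placeholder, but the schema accepts any string, so a value with the placeholder missing (for example just 'Bearer') still validates and would presumably be sent as a constant with no token in it. Adding `pattern: "\\{token\\}"` under `sendFormat` would reject such a template at validation time instead of surfacing later as unexplained authentication failures. Separately, the `sendIn` description could note that `query` puts the token in the URL, where it commonly ends up in access logs, proxy logs and Referer headers, so `header` is the safer choice whenever the API accepts it. The same applies to the property after its rename in the next patch of this series.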
+++ b/src/main/resources/wfc/schemas/auth.yaml
@@ -155,7 +155,7 @@ $defs:
 type: string
 examples:
 - "Authorization"
- sendFormat:
+ sendTemplate:
 description: "Template with {token} placeholder. \
 The placeholder will be interpolated with the actual token value. \
 When sending out the obtained token in an HTTP request, specify if there should be any other \