Merge branch '2.10.x' into qa/merge-up-2.10.1

weierophinney · weierophinney · commit 8540c7246ae3 · 2024-08-07T14:27:58.000-05:00
diff --git a/docs/book/v1/authorization-server.md b/docs/book/v1/authorization-server.md
@@ -21,6 +21,25 @@ use Mezzio\Authentication\OAuth2;
 $app->post('/oauth2/token', OAuth2\TokenEndpointHandler::class);
 ```
 
+## Parsing JSON payloads in the token endpoint
+
+To enable the token endpoint to handle the POST requests in JSON, the [Body Parsing Middleware](https://docs.mezzio.dev/mezzio/v3/features/helpers/body-parse/) helper must be included in the application.
+
+For example:
+
+```php
+use Mezzio\Authentication\OAuth2;
+use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
+
+$app->post('/oauth2/token', [
+    BodyParamsMiddleware::class,
+    OAuth2\TokenEndpointHandler::class
+], 'auth.token');
+```
+
+WARNING: Do not pipe the body parsing middleware as generic middleware.
+This ensures that the content body is only parsed when it is actually expected.
+
 ## Add the authorization endpoint
 
 The authorization endpoint is the URL to which the client redirects
