Fixes based on code review

m-mohr · m-mohr · commit 37685e1be004 · 2025-10-21T12:02:17.000+02:00
diff --git a/openapi.yaml b/openapi.yaml
@@ -6781,8 +6781,9 @@ components:
            If the concept of an issuer doesn not exist in an authentication method (e.g. in HTTP Basic),
            implementations could use the endpoint for Basic Authentication as the issuer, for example.
 
-           If this method is supported by the openEO implementation,
-           the server MUST provide the conformance class given above.
+           openEO backend implementations MUST signal their support for JWT by listing the given
+           conformance class. Likewise, openEO clients SHOULD only use JWT when the openEO backend
+           lists the conformance class.
 
         2. **openEO Tokens - DEPRECATED**
 
@@ -6802,10 +6803,10 @@ components:
            All servers must accept this method for backward compatibility
            until version 2.0 of the specification.
 
-          The access tokens provided by the identity provider do not include
-          the prefix that includes the authentication method and provider ID.
-          The Bearer Token sent to the server MUST have the prefix, e.g. `basic//` for Basic authentication.
-          This means that the clients have to prepend the prefix.
+           The access tokens provided by the identity provider do not include
+           the prefix that includes the authentication method and provider ID.
+           The Bearer Token sent to the server MUST have the prefix, e.g. `basic//` for Basic authentication.
+           This means that the clients have to prepend the prefix.
         
         JWT and openEO tokens can be distinguished by the presence of a slash
         `/` in the token, which JWT can never contain due to the Base64 encoding.
