make the example more readable #15
Comments
Hey, talking about examples. Is there an example about how to secure my endpoint?
Hey, securing your resource servers is out of OAuth2 scope because there are different requirements in each environment. OAuth2-related publications are dealing with external endpoints (e.g. OAuth2 token introspection), but these are most of the time not compatible with what resource servers require. As an example: if you use JWT (which is supported in fosite), you could simply validate the tokens cryptographically without any additional call to the authorization server. What you want to do (most of the time) is extract the bearer token from the Authorization header, make a lookup in the database and return all necessary information to your environment (subject, issuer, scopes, permissions - whatever you need). I am currently working on a draft for such an endpoint in Hydra. I did not start developing it yet, but it might be a good idea to take a look there once in a while: ory/hydra#48
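The resource-server check described in the comment above (extract the bearer token from the Authorization header, look it up, hand subject/issuer/scopes to the application), written out as an added example. This is not fosite's or Hydra's code: the `TokenStore` interface, the in-memory store, the sample tokens and the `photos:read` scope are all constructed for the example. The store is keyed by the SHA-256 of the token rather than the token itself, so a leaked lookup table does not leak usable credentials, and unknown and expired tokens get the same 401 so the endpoint does not act as an oracle for which tokens exist.

```go
package main

import (
	"context"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// TokenInfo is what the lookup hands to the application: the fields the
// comment names (subject, issuer, scopes) plus the expiry used to reject
// stale tokens.
type TokenInfo struct {
	Subject string
	Issuer  string
	Scopes  []string
	Expiry  time.Time
}

// TokenStore stands in for the "lookup in the database" step. It is an
// assumption made for this example, not fosite's or Hydra's API. Keys are
// hex(SHA-256(token)), never the raw token.
type TokenStore interface {
	Lookup(tokenHash string) (TokenInfo, bool)
}

type memoryStore map[string]TokenInfo

func (m memoryStore) Lookup(tokenHash string) (TokenInfo, bool) {
	info, ok := m[tokenHash]
	return info, ok
}

func hashToken(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// SampleStore builds a constructed store with one valid and one expired token.
func SampleStore(now time.Time) TokenStore {
	return memoryStore{
		hashToken("good-token"):    {Subject: "peter", Issuer: "https://auth.example", Scopes: []string{"photos:read"}, Expiry: now.Add(time.Hour)},
		hashToken("expired-token"): {Subject: "peter", Issuer: "https://auth.example", Scopes: []string{"photos:read"}, Expiry: now.Add(-time.Hour)},
	}
}

// ExtractBearer pulls the token out of an Authorization header value. The
// scheme name is case-insensitive (RFC 7235); a bearer token contains no
// whitespace (RFC 6750), so anything other than exactly two fields is rejected.
func ExtractBearer(header string) (string, bool) {
	parts := strings.Fields(header)
	if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
		return "", false
	}
	return parts[1], true
}

// Authorize runs the whole check (header, lookup, expiry, scope) and returns
// the HTTP status the resource server should answer with.
func Authorize(store TokenStore, header, requiredScope string, now time.Time) (TokenInfo, int) {
	token, ok := ExtractBearer(header)
	if !ok {
		return TokenInfo{}, http.StatusUnauthorized
	}
	info, found := store.Lookup(hashToken(token))
	if !found || !now.Before(info.Expiry) {
		return TokenInfo{}, http.StatusUnauthorized // same answer for unknown and expired
	}
	for _, s := range info.Scopes {
		if s == requiredScope {
			return info, http.StatusOK
		}
	}
	return TokenInfo{}, http.StatusForbidden
}

type ctxKey struct{}

// Protect wraps a handler with Authorize. The verified TokenInfo reaches the
// handler through the request context; rejections carry the WWW-Authenticate
// header RFC 6750 prescribes.
func Protect(store TokenStore, requiredScope string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		info, status := Authorize(store, r.Header.Get("Authorization"), requiredScope, time.Now())
		switch status {
		case http.StatusOK:
			next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, info)))
		case http.StatusForbidden:
			w.Header().Set("WWW-Authenticate", `Bearer error="insufficient_scope"`)
			w.WriteHeader(status)
		default:
			w.Header().Set("WWW-Authenticate", `Bearer error="invalid_token"`)
			w.WriteHeader(status)
		}
	})
}

func main() {
	h := Protect(SampleStore(time.Now()), "photos:read", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "hello %s", r.Context().Value(ctxKey{}).(TokenInfo).Subject)
	}))
	for _, auth := range []string{"Bearer good-token", "bearer expired-token", "Basic abc", ""} {
		req := httptest.NewRequest("GET", "/photos", nil)
		req.Header.Set("Authorization", auth)
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		fmt.Printf("%-22q -> %d %s\n", auth, rec.Code, rec.Header().Get("WWW-Authenticate"))
	}
}
```

`Authorize` takes the clock as a parameter so expiry handling can be tested deterministically; the same shape works for a JWT-backed store, where `Lookup` would verify the signature and claims instead of consulting a table.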
Yes, with
fix: issues with the token exchange handlers
The example is not very readable right now and might be confusing to new developers. I gladly accept any PRs that improve the examples :)