From 39f71e449c44f9ef4da3916cdc05be852672d735 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antonio=20J=2E=20Garc=C3=ADa=20Lagar?= <ajgarcia@c17.net>
Date: Tue, 15 Oct 2024 08:48:59 +0200
Subject: [PATCH] Document the requirement for logged-in user

---
 docs/index.md | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/docs/index.md b/docs/index.md
index 83838e94..b8cabf98 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -137,10 +137,13 @@ security:
         type: php
     ```
 
+## Post-installation
+
 You can verify that everything is working by issuing a `POST` request to the `/token` endpoint.
 
-**❮ NOTE ❯** It is recommended to control the access to the authorization endpoint
-so that only logged in users can approve authorization requests.
+It is required to control access to the authorization endpoint
+so that only logged-in users can approve authorization requests.
+
 You should review your `config/security.yaml` file. Here is a sample configuration:
 
 ```yaml
@@ -149,6 +152,9 @@ security:
         - { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED }
 ```
 
+> [!IMPORTANT]
+> The requirement for a logged-in user to approve authorization requests was introduced in version `0.9.0`. In previous versions, it was only a recommendation.
+
 ## Configuration
 
 * [Basic setup](basic-setup.md)