Skip to content

docs: reframe GoogleJwtResolver as the demo-role hack it actually is#44

Merged
Theauxm merged 1 commit intomainfrom
feat/jwt-google-oidc-sample
Apr 17, 2026
Merged

docs: reframe GoogleJwtResolver as the demo-role hack it actually is#44
Theauxm merged 1 commit intomainfrom
feat/jwt-google-oidc-sample

Conversation

@Theauxm
Copy link
Copy Markdown
Member

@Theauxm Theauxm commented Apr 17, 2026

Summary

Follow-up to #43. The sample's `GoogleJwtResolver.cs` was sending the wrong signal — implying that using Google with Trax requires writing a custom resolver. It doesn't. `AddTraxJwtAuth("https://accounts.google.com\", id)` plus the default resolver is the whole integration for any app whose roles live in standard claims.

This sample only overrides the resolver because it hard-assigns the `Player` role to every signed-in Google user so the trains are exercisable. Pairs with Trax.Docs#74 which adds a "Do you actually need a custom resolver?" section to the SDK reference.

Changes:

  • `GoogleJwtResolver.cs`: extensive class-level remarks explaining when you don't need a custom resolver (most apps) vs the four scenarios that justify one (non-standard role claims, DB enrichment, allow-lists, claim transformation). Marked `internal sealed` to further de-emphasize as a template.
  • `Program.cs` header + inline comment: leads with the one-line path and calls out the custom resolver as a demo-only deviation. Also corrects the `dotnet user-secrets` wiring note.
  • Web sample README: rewrites the warning from "do not copy that pattern" to "most apps don't need this" with a pointer to the resolver's docstring.

No functional changes. Pure documentation and commentary.

Test plan

  • `dotnet build` — 0 warnings
  • `dotnet csharpier check` — clean
  • Sample still works end-to-end (unchanged behavior)

@Theauxm
docs: reframe GoogleJwtResolver as the demo-role hack it actually is
add8084 
The sample's presence of GoogleJwtResolver.cs was sending the wrong
signal — implying that using Google with Trax requires writing a custom
resolver. It doesn't. AddTraxJwtAuth("https://accounts.google.com", id)
plus the default resolver is the whole integration for any app whose
roles live in standard claims.

This sample only overrides the resolver to hand every signed-in Google
user the Player role so the trains are exercisable. The updates:

- GoogleJwtResolver.cs: extensive remarks on "when you don't need a
  custom resolver" (most apps) vs the four scenarios that justify one
  (non-standard role claims, DB enrichment, allow-lists, transformation).
  Marks the class as internal sealed to de-emphasize it as a template.
- Program.cs header + inline comment: lead with the one-line path and
  call out the sample's custom resolver as a demo-only deviation.
- Web sample README: rewrites the warning to say "most apps don't need
  this" rather than "do not copy".
@Theauxm Theauxm force-pushed the feat/jwt-google-oidc-sample branch from 9dd3f9c to add8084 Compare April 17, 2026 20:59
@Theauxm Theauxm merged commit fdeff3b into main Apr 17, 2026
1 check passed
@Theauxm Theauxm deleted the feat/jwt-google-oidc-sample branch April 17, 2026 21:18
@traxsharp
Copy link
Copy Markdown

traxsharp Bot commented May 6, 2026

This PR is included in version 1.21.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Theauxm