Syncing auth language in 3 APIs

schnuerle · schnuerle · commit ba9655a059f4 · 2023-02-08T14:19:42.000-05:00
diff --git a/agency/README.md b/agency/README.md
@@ -34,10 +34,9 @@ This specification uses data types including timestamps, UUIDs, and vehicle stat
 
 [Top][toc]
 
-
 ### Authorization
 
-When making requests, the Agency API expects `provider_id` to be part of the claims in a [JWT](https://jwt.io/) `access_token` in the `Authorization` header, in the form `Authorization: Bearer <access_token>`. The token issuance, expiration and revocation policies are at the discretion of the Agency. [JSON Web Token](/general-information.md#json-web-tokens) is the recommended format.
+MDS Agency endpoint producers **SHALL** provide authorization for API endpoints via a bearer token based auth system. When making requests, the endpoints expect `provider_id` to be part of the claims in a [JSON Web Token](https://jwt.io/) (JWT) `access_token` in the `Authorization` header, in the form `Authorization: Bearer <access_token>`. The token issuance, expiration and revocation policies are at the discretion of the agency. [JSON Web Token](/general-information.md#json-web-tokens) is the recommended format.
 
 General authorization details are specified in the [Authorization section](/general-information.md#authorization) in MDS General Information.
 
diff --git a/metrics/README.md b/metrics/README.md
@@ -62,7 +62,7 @@ Here are initial design use cases and scenarios for Metrics.
 
 ### For Agencies hosting the Metrics API
 
-When making requests, the Metrics API expects one of two scopes `metrics:read` or `metrics:read:provider` to be present as part of the `scope` claims in a [JSON Web Token](https://jwt.io/) (JWT) `access_token` in the `Authorization` header, in the form `Authorization: Bearer <access_token>`. The token issuance, expiration and revocation policies are at the discretion of the agency. See MDS [JSON Web Token](/general-information.md#json-web-tokens) guidance.
+MDS Metrics endpoint producers **SHALL** provide authorization for API endpoints via a bearer token based auth system. When making requests, the endpoints expect one of two scopes `metrics:read` or `metrics:read:provider` to be present as part of the `scope` claims in a [JSON Web Token](https://jwt.io/) (JWT) `access_token` in the `Authorization` header, in the form `Authorization: Bearer <access_token>`. The token issuance, expiration and revocation policies are at the discretion of the agency. [JSON Web Token](/general-information.md#json-web-tokens) is the recommended format.
 
 If a client has a `metrics:read` scope, they are permitted to read _all_ metrics available via the Metrics API.
 
diff --git a/provider/README.md b/provider/README.md
@@ -46,7 +46,7 @@ This specification uses data types including timestamps, UUIDs, and vehicle stat
 
 ### Authorization
 
-MDS Provider endpoint producers **SHALL** provide authorization for API endpoints via a bearer token based auth system, and [JSON Web Token](/general-information.md#json-web-tokens) is the recommended format.
+MDS Provider endpoint producers **SHALL** provide authorization for API endpoints via a bearer token based auth system. When making requests, the endpoints expect `provider_id` to be part of the claims in a [JSON Web Token](https://jwt.io/) (JWT) `access_token` in the `Authorization` header, in the form `Authorization: Bearer <access_token>`. The token issuance, expiration and revocation policies are at the discretion of the agency. [JSON Web Token](/general-information.md#json-web-tokens) is the recommended format.
 
 General authorization details are specified in the [Authorization section](/general-information.md#authorization) in MDS General Information.
 
