What prompted me to work on this was that as I was trying to add some custom verification logic, it wasn't obvious to me from the documentation that the Verify* plugs would let a session without a token (e.g. a logged out session) pass, and that EnsureAuthenticated is typically used for little more than checking that a token is present.
So this tries to be more clear on that, and takes the opportunity to do some other minor fixups as well.
What prompted me to work on this was that as I was trying to add some custom verification logic, it wasn't obvious to me from the documentation that the
Verify*
plugs would let a session without a token (e.g. a logged out session) pass, and thatEnsureAuthenticated
is typically used for little more than checking that a token is present.So this tries to be more clear on that, and takes the opportunity to do some other minor fixups as well.