review suggestions

Author: rsill-neo4j

modules/ROOT/pages/security/configuration.adoc

@@ -17,7 +17,7 @@ The Neo4j GraphQL Library can accept two types of JWTs:
 
 === Encoded JWTs
 
-To use encoded JWTs, the library must to be configured with a key to decode and verify the tokens.
+To use encoded JWTs, the library can be configured with a key to decode and verify the tokens.
 The following code block uses Apollo Server, extracts the `Authorization` header from the request and puts it in the appropriate context field:
 
 [source, typescript, indent=0]
@@ -36,7 +36,7 @@ const { url } = await startStandaloneServer(server, {
 
 Optionally, if a custom decoding mechanism is required, that same header can be decoded and the resulting JWT payload put into the `jwt` field of the context.
 
-// ^ Can we show the above in a code listing?
+Alternatively, you can decode a token via a xref:#_jwks_endpoint[].
 
 ==== Symmetric secret
 
@@ -74,8 +74,6 @@ new Neo4jGraphQL({
 
 ==== Passing in encoded JWTs
 
-// What about decoded JWTs?
-
 To pass in an encoded JWT, use the token field of the context.
 When using Apollo Server, extract the authorization header into the token property of the context:
 
@@ -119,9 +117,27 @@ interface JwtPayload {
 [WARNING]
 Do not pass in the header or the signature.
 
+
 === Decoded JWTs
 
-// What could be added here?
+A decoded JWT is passed to the context in a similar way that an encoded JWT is.
+However, instead of using a token, it uses the `jwt` field:
+
+[source, typescript, indent=0]
+----
+const jwt = customImplementation();
+
+const { url } = await startStandaloneServer(server, {
+    listen: { port: 4000 },
+    context: async ({ req }) => ({
+        jwt: jwt,
+    }),
+});
+----
+
+`customImplementation` is a placeholder for a function that provides a decoded JWT.
+Using `jwt` instead of `token` in the `context` informs the Neo4jGraphQL library that it doesn't need to decode it.
+
 
 == Adding JWT claims