From 54cfdb97829bdce5a6ef228f78408f14c9de520e Mon Sep 17 00:00:00 2001
From: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
Date: Thu, 16 May 2024 16:01:05 -0400
Subject: [PATCH] Update How-to: Implement Multitenancy

Issue gh-663
---
 .../pages/guides/how-to-multitenancy.adoc     | 32 +++++++++----------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/docs/modules/ROOT/pages/guides/how-to-multitenancy.adoc b/docs/modules/ROOT/pages/guides/how-to-multitenancy.adoc
index 92c4bf98..1ecb3f44 100644
--- a/docs/modules/ROOT/pages/guides/how-to-multitenancy.adoc
+++ b/docs/modules/ROOT/pages/guides/how-to-multitenancy.adoc
@@ -7,28 +7,12 @@
 This guide shows how to customize Spring Authorization Server to support multiple issuers per host in a multi-tenant hosting configuration.
 The purpose of this guide is to demonstrate a general pattern for building multi-tenant capable components for Spring Authorization Server, which can also be applied to other components to suit your needs.
 
-* xref:guides/how-to-multitenancy.adoc#multi-tenant-enable-multiple-issuers[Enable multiple issuers]
 * xref:guides/how-to-multitenancy.adoc#multi-tenant-define-tenant-identifier[Define the tenant identifier]
+* xref:guides/how-to-multitenancy.adoc#multi-tenant-enable-multiple-issuers[Enable multiple issuers]
 * xref:guides/how-to-multitenancy.adoc#multi-tenant-create-component-registry[Create a component registry]
 * xref:guides/how-to-multitenancy.adoc#multi-tenant-create-components[Create multi-tenant components]
 * xref:guides/how-to-multitenancy.adoc#multi-tenant-add-tenants-dynamically[Add tenants dynamically]
 
-[[multi-tenant-enable-multiple-issuers]]
-== Enable multiple issuers
-
-Support for using multiple issuers per host is disabled by default.
-To enable, add the following configuration:
-
-.AuthorizationServerSettingsConfig
-[source,java]
-----
-include::{examples-dir}/main/java/sample/multitenancy/AuthorizationServerSettingsConfig.java[]
-----
-
-<1> Set to `true` to allow usage of multiple issuers per host.
-
-WARNING: Do not allow for any arbitrary issuer to be used. An allowlist of approved issuers should be enforced.
-
 [[multi-tenant-define-tenant-identifier]]
 == Define the tenant identifier
 
@@ -53,6 +37,20 @@ NOTE: The base URL of the xref:protocol-endpoints.adoc[Protocol Endpoints] is th
 
 Essentially, an issuer identifier with a path component represents the _"tenant identifier"_.
 
+[[multi-tenant-enable-multiple-issuers]]
+== Enable multiple issuers
+
+Support for using multiple issuers per host is disabled by default.
+To enable, add the following configuration:
+
+.AuthorizationServerSettingsConfig
+[source,java]
+----
+include::{examples-dir}/main/java/sample/multitenancy/AuthorizationServerSettingsConfig.java[]
+----
+
+<1> Set to `true` to allow usage of multiple issuers per host.
+
 [[multi-tenant-create-component-registry]]
 == Create a component registry