From 354355f85bc19d7afdcadfe32102288c84f7cf5b Mon Sep 17 00:00:00 2001 From: Matthias Hanel Date: Tue, 9 Feb 2021 17:08:18 -0500 Subject: [PATCH] mention nats based resolver in nats account server Signed-off-by: Matthias Hanel --- .../configuration/securing_nats/jwt/resolver.md | 10 +++++----- nats-tools/nas/README.md | 11 +++++++---- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/nats-server/configuration/securing_nats/jwt/resolver.md b/nats-server/configuration/securing_nats/jwt/resolver.md index f8b5c6a..4626609 100644 --- a/nats-server/configuration/securing_nats/jwt/resolver.md +++ b/nats-server/configuration/securing_nats/jwt/resolver.md @@ -45,7 +45,7 @@ Their commonalities are that they exchange/lookup account jwt via nats and the s This resolver stores all jwt and exchanges them in an eventually consistent way with other resolver of the same type. [`nsc`](../../../../nats-tools/nsc/README.md) supports push/pull/purge with this resolver type. -Jwt, uploaded this way, are stored in a directory the server has exclusive access to. +[JWTs](../../nats-server/configuration/securing_nats/jwt/), uploaded this way, are stored in a directory the server has exclusive access to. ```yaml resolver: { @@ -75,7 +75,7 @@ You need enough to still serve your workload adequately, while some server are o ### cache -This resolver only stores a subset of jwt and evicts extra ones based on an LRU scheme. +This resolver only stores a subset of [JWT](../../nats-server/configuration/securing_nats/jwt/) and evicts extra ones based on an LRU scheme. Missing jwt are downloaded from `full` nats based resolver. This resolver is essentially the URL Resolver in nats. 
@@ -93,10 +93,10 @@ resolver: { ### nats based resolver - integration -nats based resolver utilize the system account for lookup and upload of account jwt. +nats based resolver utilize the system account for lookup and upload of account [JWTs](../../nats-server/configuration/securing_nats/jwt/) . If your application requires tighter integration you can make use of these subjects for tighter integration. -To upload or update a possibly on the fly generated account jwt without `nsc`, send it as request to `$SYS.REQ.CLAIMS.UPDATE`. +To upload or update a possibly on the fly generated account jwt without [`nsc`](../../../../nats-tools/nsc/README.md), send it as request to `$SYS.REQ.CLAIMS.UPDATE`. Each participating `full` nats based account resolver will respond with a message detailing success or failure. -To serve a requested account jwt yourself, subscribe to `$SYS.REQ.ACCOUNT.*.CLAIMS.LOOKUP` and respond with the account jwt corresponding to the requested account id (wildcard). +To serve a requested account [JWT](../../nats-server/configuration/securing_nats/jwt/) yourself and essentially implement an account server, subscribe to `$SYS.REQ.ACCOUNT.*.CLAIMS.LOOKUP` and respond with the account jwt corresponding to the requested account id (wildcard). diff --git a/nats-tools/nas/README.md b/nats-tools/nas/README.md index 9ad7f48..97d3813 100644 --- a/nats-tools/nas/README.md +++ b/nats-tools/nas/README.md 
@@ -1,11 +1,14 @@ # nats-account-server -The [NATS Account Server](https://github.com/nats-io/nats-account-server) is an HTTP server that hosts and vends [JWTs](../../nats-server/configuration/securing_nats/jwt/) for nats-server 2.0 account authentication. The server supports an number of stores which enable it to serve account [JWTs](../../nats-server/configuration/securing_nats/jwt/) from: - -* a [directory](nas_conf.md#directory-configuration) -* an [NSC](../nsc/nsc.md) [directory](nas_conf.md#nsc-configuration) +The [NATS Account Server](https://github.com/nats-io/nats-account-server) is an HTTP server that hosts and vends [JWTs](../../nats-server/configuration/securing_nats/jwt/) for nats-server 2.0 account authentication. The server supports an number of stores which enable it to serve account [JWTs](../../nats-server/configuration/securing_nats/jwt/) from a [directory](nas_conf.md#directory-configuration) > The nats server can be configured with a [memory resolver](../../nats-server/configuration/securing_nats/jwt/resolver.md#memory) as well. This avoids usage of the account server. +> The nats server can be configured with a [nats based resolver](../../nats-server/configuration/securing_nats/jwt/resolver.md#nats-based-resolver) for the same purpose as well. +> +> Usage of [full nats based resolver](../../nats-server/configuration/securing_nats/jwt/resolver.md#nats-based-resolver) over [NATS Account Server](https://github.com/nats-io/nats-account-server) is recommended. +> +> The [NATS Account Server](https://github.com/nats-io/nats-account-server) also speaks the [full nats based resolver](../../nats-server/configuration/securing_nats/jwt/resolver.md#nats-based-resolver) protocol and +> can be used as such. The server can operate in a _READ ONLY_ mode where it serves content from a directory, or in [notification mode](notifications.md), where it can notify a NATS server that a JWT in the store has been modified, updating the NATS server with the updated JWT.
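Review bot: the new `[JWTs](../../nats-server/configuration/securing_nats/jwt/)` and `[JWT](../../nats-server/configuration/securing_nats/jwt/)` links in the `@@ -45` and `@@ -75` hunks of nats-server/configuration/securing_nats/jwt/resolver.md resolve to the wrong place. That relative path was lifted from nats-tools/nas/README.md, where two `../` steps reach the repository root; from the jwt directory that resolver.md itself lives in, the same path lands at nats-server/configuration/nats-server/configuration/securing_nats/jwt/, which does not exist. Point these at the directory the file already sits in (a `./`-relative target) and keep the depth consistent with the `../../../../nats-tools/nsc/README.md` link two lines earlier in the same hunk, which does climb to the root correctly. The mix of `jwt`, `JWT` and `JWTs` inside one sentence ("stores a subset of [JWT](...)" followed by "Missing jwt are downloaded") is also worth normalizing while these lines are being touched.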
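Review bot: the `@@ -93` hunk of resolver.md has the same broken `../../nats-server/configuration/securing_nats/jwt/` link path twice, and the first occurrence leaves a stray space before the full stop ("account [JWTs](...) ."). More importantly, this is the paragraph that tells integrators to publish to `$SYS.REQ.CLAIMS.UPDATE` and to answer `$SYS.REQ.ACCOUNT.*.CLAIMS.LOOKUP` themselves, and it only says the resolver "utilize[s] the system account" without spelling out what that means for the caller: that the connection doing the upload or serving the lookup must itself be authenticated into the system account, and what the responding `full` resolvers check before accepting a pushed JWT (the "message detailing success or failure" implies a push can be rejected, but the reason is never stated). A sentence on each would make the new "essentially implement an account server" wording safe to act on; also "nats based resolver utilize" wants a plural subject or a singular verb.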
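Review bot: the rewritten first paragraph of nats-tools/nas/README.md still says the server "supports an number of stores" but now ends after the single `[directory](nas_conf.md#directory-configuration)` store, because the hunk deletes the `* an [NSC](../nsc/nsc.md) [directory](nas_conf.md#nsc-configuration)` bullet, and the sentence loses its terminal period before running into the blockquote. If the NSC store is intentionally gone, say "serves account JWTs from a directory."; if it is not, keep the bullet; either way fix "an number" while the line is being changed. In the added blockquote, "for the same purpose as well" repeats the "as well" of the preceding sentence, and "Usage of [full nats based resolver] over [NATS Account Server] is recommended" reads more naturally as "The full nats based resolver is recommended over the NATS Account Server". The final added sentence is split across two lines mid-sentence ("protocol and" / "can be used as such."), which renders correctly but breaks the one-sentence-per-line convention the rest of this file follows.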