add java doc for

   TokenBasedRedisCredentialsProvider

src/main/java/io/lettuce/authx/TokenBasedRedisCredentialsProvider.java

@@ -18,6 +18,25 @@
 import redis.clients.authentication.core.TokenListener;
 import redis.clients.authentication.core.TokenManager;
 
+/**
+ * A {@link RedisCredentialsProvider} implementation that supports token-based authentication for Redis.
+ * <p>
+ * This provider uses a {@link TokenManager} to manage and renew tokens, ensuring that the Redis client can authenticate with
+ * Redis using a dynamically updated token. This is particularly useful in scenarios where Redis access is controlled via
+ * token-based authentication, such as when Redis is integrated with an identity provider like EntraID.
+ * </p>
+ * <p>
+ * The provider supports streaming of credentials and automatically emits new credentials whenever a token is renewed. It must
+ * be used with {@link io.lettuce.core.ClientOptions.ReauthenticateBehavior#ON_NEW_CREDENTIALS} to automatically re-authenticate
+ * connections whenever new tokens are emitted by the provider.
+ * </p>
+ * <p>
+ * The lifecycle of this provider is externally managed. It should be closed when there are no longer any connections using it,
+ * to stop the token management process and release resources.
+ * </p>
+ *
+ * @since 6.6
+ */
 public class TokenBasedRedisCredentialsProvider implements RedisCredentialsProvider, AutoCloseable {
 
     private static final Logger log = LoggerFactory.getLogger(TokenBasedRedisCredentialsProvider.class);

src/main/java/io/lettuce/core/RedisAuthenticationHandler.java

@@ -190,14 +190,33 @@ private static boolean isSupported(ClientOptions clientOptions) {
         }
     }
 
-    public void postProcess(RedisCommand<K, V, ?> toSend) {
+    /**
+     * Post-processes the command after it is sent to the server.
+     * <p>
+     * If the command type is either {@link RedisCommand.Type#EXEC} or {@link RedisCommand.Type#DISCARD}, the transaction state
+     * is cleared and a check for deferred credentials is initiated.
+     * </p>
+     *
+     * @param toSend the command to post-process
+     */
+    protected void postProcess(RedisCommand<K, V, ?> toSend) {
         if (toSend.getType() == EXEC || toSend.getType() == DISCARD) {
             inTransaction.set(false);
             setCredentials(credentialsRef.getAndSet(null));
         }
     }
 
-    public void postProcess(Collection<? extends RedisCommand<K, V, ?>> dispatched) {
+    /**
+     * Post-processes a collection of dispatched commands after they are sent to the server.
+     * <p>
+     * This method checks if any of the dispatched commands indicate the completion of a transaction (via
+     * {@link RedisCommand.Type#EXEC} or {@link RedisCommand.Type#DISCARD}). If the transaction is complete, it clears the
+     * transaction state and initiates a check for deferred credentials.
+     * </p>
+     *
+     * @param dispatched the collection of dispatched commands to post-process
+     */
+    protected void postProcess(Collection<? extends RedisCommand<K, V, ?>> dispatched) {
         Boolean transactionComplete = null;
         for (RedisCommand<K, V, ?> command : dispatched) {
             if (command.getType() == EXEC || command.getType() == DISCARD) {
@@ -348,7 +367,12 @@ public DisabledAuthenticationHandler() {
         }
 
         @Override
-        public void postProcess(RedisCommand<K, V, ?> toSend) {
+        protected void postProcess(RedisCommand<K, V, ?> toSend) {
+            // No-op
+        }
+
+        @Override
+        protected void postProcess(Collection<? extends RedisCommand<K, V, ?>> dispatched) {
             // No-op
         }