From a47232f256ae2d1463efa15e284ad36c2887e1c2 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Tue, 10 Jan 2023 14:04:54 +0100
Subject: clarify KYC options for oauth2.0 some more

---
 manpages/taler.conf.5.rst | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'manpages/taler.conf.5.rst')

diff --git a/manpages/taler.conf.5.rst b/manpages/taler.conf.5.rst
index 4ab82356..357c23fc 100644
--- a/manpages/taler.conf.5.rst
+++ b/manpages/taler.conf.5.rst
@@ -174,13 +174,13 @@ KYC_OAUTH2_VALIDITY
   Duration (e.g. "12 months") of the validity of the performed KYC check. Can be "forever".
 
 KYC_OAUTH2_AUTH_URL
-  URL of the OAuth2 endpoint to be used for KYC checks. Example: "http://localhost:8888/oauth/v2/login" (or "/token")
+  URL of the OAuth2 endpoint to be used for KYC checks. This is where the server will ultimately send the authorization token from the client and obtain its access token (which currently must be a "bearer" token). Example: "http://localhost:8888/oauth/v2/auth" (or "/token")
 
 KYC_OAUTH2_LOGIN_URL
-  URL of the OAuth2 endpoint to be used for KYC checks. Example: "http://localhost:8888/oauth/v2/login"
+  URL of the OAuth2 endpoint to be used for KYC checks. The login URL will be encoded as part of the 'redirect_uri' argument of the request to the KYC_AUTH2_AUTH_URL. Typically, the user will then be redirected to this URL to log in. Example: "http://localhost:8888/oauth/v2/login"
 
 KYC_OAUTH2_INFO_URL
-  URL of the endpoint where the OAuth 2.0 token can be used to download the user's details. Example: "http://localhost:8888/api/user/me"
+  URL of the endpoint where the OAuth 2.0 token can be used to download the user's details. The server will use the access token obtained from the KYC_AUTH2_AUTH_URL to show that it is authorized to obtain the details. Example: "http://localhost:8888/api/user/me" or "http://localhost:8888/oauth/v2/info"
 
 KYC_OAUTH2_CLIENT_ID
   Client ID of the exchange when it talks to the KYC OAuth2 endpoint. 
@@ -189,7 +189,7 @@ KYC_OAUTH2_CLIENT_SECRET
   Client secret of the exchange to use when talking to the KYC Oauth2 endpoint. 
 
 KYC_OAUTH2_POST_URL
-  URL to which the exchange will redirect the client's browser after successful authorization/login for the KYC process.
+  URL to which the exchange will redirect the client's browser after successful authorization/login for the KYC process. Example: "http://example.com/thank-you"
 
 
 EXCHANGE KYC KYCAID OPTIONS
-- 
cgit v1.2.3