# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1731018829 -3600
# Node ID cce76628c83a258d8bc1ea312d38c07063ae5021
# Parent  8c3bacf3549e54c10a3e13785e57c2340349883c
mod_auth_oauth_external: Reword 'How it works'

Hopefully more readable.

diff -r 8c3bacf3549e -r cce76628c83a mod_auth_oauth_external/README.md
--- a/mod_auth_oauth_external/README.md	Thu Nov 07 22:50:10 2024 +0100
+++ b/mod_auth_oauth_external/README.md	Thu Nov 07 23:33:49 2024 +0100
@@ -11,12 +11,14 @@
 
 # How it works
 
-Clients retrieve tokens somehow, then show them to Prosody, which asks
-the Authorization server to validate them, returning info about the user
-back to Prosody.
+Using OAuth 2.0 in XMPP is explained in [XEP-0493: OAuth Client Login].
+Clients pass tokens from the Authorization Server to Prosody, which
+attempts to validate the tokens using the configured validation
+endpoint.
 
-Alternatively for legacy clients, Prosody receives the users username
-and password and retrieves a token itself, then proceeds as above.
+Legacy clients have to use SASL PLAIN, where Prosody receives the users
+username and password and attempts to validate this using the OAuth 2
+resource owner password grant.
 
 # Configuration