From 05850693618191672e4670b7a77c3140c0e1bdac Mon Sep 17 00:00:00 2001 From: mountford Date: Tue, 11 Jul 2017 14:39:31 -0700 Subject: [PATCH] Clarify OAuth configuration documentation ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=161583493 --- docs/configuration.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index 51b9830e6..f0249d147 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -98,16 +98,16 @@ make changes to it, and include your new version instead of the default one in all Dagger components. All of these options will be replaced with YAML configuration settings in the near future. -## OAuth2 client id configuration +## OAuth 2 client id configuration -By default, the open source Nomulus release uses OAuth2 to authenticate and -authorize users. This includes the `nomulus` tool when it connects to the system -to execute commands. OAuth2 must be configured before you can use the `nomulus` -tool to set up the system. +The open source Nomulus release uses OAuth 2 to authenticate and authorize +users. This includes the `nomulus` tool when it connects to the system to +execute commands. OAuth must be configured before you can use the `nomulus` tool +to set up the system. -OAuth2 defines the concept of a *client id*, which identifies the application +OAuth defines the concept of a *client id*, which identifies the application which the user wants to authorize. This is so that, when a user clicks in an -OAuth2 permission dialog and grants access to data, they are not granting access +OAuth permission dialog and grants access to data, they are not granting access to every application on their computer (including potentially malicious ones), but only to the application which they agree needs access. Each installation of the Nomulus system should have its own client id. The same client id can be used