Diffstat (limited to 'yarns/200-client-creds.yarn')
-rw-r--r-- yarns/200-client-creds.yarn 35
1 files changed, 20 insertions, 15 deletions
diff --git a/yarns/200-client-creds.yarn b/yarns/200-client-creds.yarn
index f251c71..9eff22a 100644
--- a/yarns/200-client-creds.yarn
+++ b/yarns/200-client-creds.yarn
@@ -21,8 +21,8 @@ The `USERPASS` has the client id and secret encoded as is usual for
[HTTP Basic authentication]: https://en.wikipedia.org/wiki/Basic_access_authentication
Qvisqve checks the `grant_type` parameter, and extracts `USERPASS` to
-get the client id and secret. It compares them against a static list
-of clients, which it reads at startup from its configuration file:
+get the client id and secret. It compares them against statically
+created clients, which it reads from the filesystem.
EXAMPLE Qvisqve configuration file in YAML
config:
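Review bot: The replacement sentence drops "at startup" and no longer says when the client data is read. With "which it reads from the filesystem" a reader cannot tell whether removing or changing a client takes effect immediately or only after a restart, which matters for revoking a client or rotating its secret. Please state when the files are read. "statically created clients" is also vaguer than the old "static list of clients"; saying that each client is a file created by the administrator would be clearer.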
@@ -34,19 +34,24 @@ of clients, which it reads at startup from its configuration file:
... deleted from example
LkLFQC7Y66OYjna457hU545hfF99j7nxdseXQEhV96E4RUIub+6vS8TYDEk=
-----END RSA PRIVATE KEY-----
- clients:
- test_api:
- client_secret:
- N: 16384
- hash: 5cf3b9cab1eacc818b73d229db...a023e938ee598f6c49749ef0429a889f7
- key_len: 128
- p: 1
- r: 8
- salt: 18112c4c50993ca5db908a15519c51e1
- version: 1
- allowed_scopes:
- - foo
- - bar
+ store: /var/lib/qvisqve
+
+Each client will be stored as a separate YAML file under the directory
+configured in the "store" configuration variable. For example, the
+client `test_api` is stored in `/var/lib/qvisqve/clients/test_api`:
+
+ EXAMPLE
+ client_secret:
+ N: 16384
+ hash: 5cf3b9cab1eacc818b73d229db...a023e938ee598f6c49749ef0429a889f7
+ key_len: 128
+ p: 1
+ r: 8
+ salt: 18112c4c50993ca5db908a15519c51e1
+ version: 1
+ allowed_scopes:
+ - foo
+ - bar
Qvisqve checks that the client id given by the client is found, and
that the offered client secret matches what's in the configuration
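Review bot: The new paragraph makes the client id a file name (`/var/lib/qvisqve/clients/test_api`), and that id arrives in the request via `USERPASS`, but the text does not say which characters a client id may contain or that the id is checked before it is used as a path component. Please document the allowed form of client ids and the expected ownership and permissions of the store directory, since it holds the secret hashes and salts. Two smaller points: the prose says the files live "under the directory configured in the "store" configuration variable" while the example path has an unexplained `clients/` subdirectory, and the unchanged sentence after the hunk still says the secret must match "what's in the configuration", which is stale now that the `clients:` block has left the configuration file.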