From d7712be5f1cf67b970a75e8152f7e2ca56b6da73 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <stefan.bodewig@innoq.com>
Date: Tue, 9 Jul 2019 13:19:03 +0200
Subject: [PATCH] fix documentation for #271

---
 README.md | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index f65b8db..cbdf485 100644
--- a/README.md
+++ b/README.md
@@ -206,14 +206,6 @@ h2JHukolz9xf6qN61QMLSd83+kwoBr2drp6xg3eGDLIkQCQLrkY=
              --    https_proxy = "http://<proxy_host>:<proxy_port>/"
              -- }
 
-             -- behavior if the request is not known to be authenticated or the session or the access token have expired:
-             -- be default this results in a redirect to the OpenID Connect Provider' authorization endpoint
-             -- this can be overridden via the unauth_action option:
-             -- allow the request to proceed anyway
-             -- unauth_action = 'pass'
-             -- deny the request right away (results in authenticate returning an error)
-             -- unauth_action = 'deny'
-
              -- Lifecycle Hooks
              -- 
              -- lifecycle = {
@@ -291,6 +283,13 @@ h2JHukolz9xf6qN61QMLSd83+kwoBr2drp6xg3eGDLIkQCQLrkY=
 local res, err = require("resty.openidc").authenticate(opts, nil, "pass")
 ```
 
+## Check authentication only and deny unauthenticated access
+
+```
+-- check session, do not redirect to auth if not already logged in but return an error instead
+local res, err = require("resty.openidc").authenticate(opts, nil, "deny")
+```
+
 ## Sample Configuration for OAuth 2.0 JWT Token Validation
 
 Sample `nginx.conf` configuration for verifying Bearer JWT Access Tokens against a pre-configured secret/key.