From d368da6b198529880ae2b6e0a806b655e04c6bfa Mon Sep 17 00:00:00 2001
From: Bram Reyniers <55666730+reyniersbram@users.noreply.github.com>
Date: Wed, 6 Mar 2024 23:39:33 +0100
Subject: [PATCH] update backend readme for explanation authentication

---
 backend/README.md | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/backend/README.md b/backend/README.md
index 4672a1c4..d8bb2958 100644
--- a/backend/README.md
+++ b/backend/README.md
@@ -1,22 +1,15 @@
-## Run the backend api
+# Backend API
 
-### Setup
+## Running the API
 
-#### In this directy execute the following command to create a python environment:
+### Setup
 
 ```sh
+# Create a python virtual environment
 python -m venv venv
-```
-
-#### Activate the environment:
-
-```sh
+# Activate the environment
 source venv/bin/activate
-```
-
-#### Install the dependencies:
-
-```sh
+# Install dependencies
 pip install -r requirements.txt
 ```
 
@@ -26,6 +19,8 @@ pip install -r requirements.txt
 api_url: https://localhost:8080
 cas_server_url: https://login.ugent.be
 database_uri: "database connection string: postgresql://..., see discord..."
+secret_key: "<secret key to sign JWT tokens>"
+algorithm: "<algorithm used to sign JWT tokens>"
 ```
 
 ### Usage
@@ -52,7 +47,16 @@ source venv/bin/activate
 
 It will start a local development server on port `8080`
 
+## The API
+
+## Login
+
+The `/api/login` endpoint will redirect the user to a CAS login page. After
+authentication, a [JWT](https://jwt.io/) token will be returned to the user.
+This token has to be send in the `Authorization` header of each request to
+access protected endpoints.
 
+## Developing
 
 #### To format the python code in place to conform to PEP 8 style: