From 95ff67ddb46ae0bd75d93e7f56837dce2b2d0d90 Mon Sep 17 00:00:00 2001
From: Fabian Kammel <datosh18@gmail.com>
Date: Fri, 18 Apr 2025 16:13:39 +0200
Subject: [PATCH] Apply suggestions from code review

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
---
 book/src/integrations/oauth2/examples.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/book/src/integrations/oauth2/examples.md b/book/src/integrations/oauth2/examples.md
index 2d5dae661..f0b33062d 100644
--- a/book/src/integrations/oauth2/examples.md
+++ b/book/src/integrations/oauth2/examples.md
@@ -618,10 +618,10 @@ client_secret = "<SECRET>"
 ## OPKSSH
 
 [OPKSSH](https://github.com/openpubkey/opkssh) is a tool of the
-[OpenPubkey](https://github.com/openpubkey/openpubkey) project. It enables ssh
-to be used with OpenID Connect allowing SSH access to be managed via identities
-like alice@example.com instead of long-lived SSH keys. It does not replace SSH,
-but instead generates SSH keys on the fly, and augments the verification process
+[OpenPubkey](https://github.com/openpubkey/openpubkey) project. It enables SSH
+to be used with OpenID Connect allowing access to be managed via identities
+like `alice@example.com` instead of long-lived private keys. It does not replace SSH,
+but instead generates private keys on the fly, and augments the verification process
 on the server side.
 
 To set up OPKSSH to authenticate with Kanidm:
@@ -645,7 +645,7 @@ To set up OPKSSH to authenticate with Kanidm:
     the redirect URL, and scope access to the `opkssh_users` group:
 
     ```sh
-    # The last argument, the origin parameter, is required, but a dead link.
+    # The redirect origin is set to localhost for local callbacks
     kanidm system oauth2 create-public opkssh opkssh http://localhost:3000
 
     # Add the specific redirect URIs used by OPKSSH
@@ -677,7 +677,7 @@ To set up OPKSSH to authenticate with Kanidm:
     sudo install opkssh-linux-amd64 /usr/local/bin/opkssh
     rm opkssh-linux-amd64
 
-    # This will open a browser with consent screen
+    # This will open a browser to login via Kanidm
     opkssh login --provider=https://idm.example.com/oauth2/openid/opkssh,opkssh
     ```