From 13ed958d65981a2744683ffbffae1c0d2c51e36d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Kooman?= <fkooman@tuxed.net>
Date: Tue, 27 Jul 2021 17:19:29 +0200
Subject: [PATCH] make clear that "the only difference" now refers only to
 OAuth

---
 API_V3.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/API_V3.md b/API_V3.md
index ba87edf..deec378 100644
--- a/API_V3.md
+++ b/API_V3.md
@@ -28,10 +28,11 @@ The VPN servers provide an API protected with
 in draft. If the application implemented the [APIv2](API.md), it will also
 work as-is with APIv3. 
 
-The _only_ difference between APIv2 and APIv3 is that refresh tokens are now 
-single use. When using a refresh token, the response includes also a _new_ 
-refresh token. Should a refresh token be used multiple times, the whole 
-authorization is revoked and the client will need to reauthorize.
+The _only_ difference in the OAuth implementation between APIv2 and APIv3 is 
+that refresh tokens are now single use. When using a refresh token, the 
+response includes also a _new_ refresh token. Should a refresh token be used 
+multiple times, the whole authorization is revoked and the client will need to 
+reauthorize.
 
 After some rudimentary tests, it seems all existing eduVPN/Let's Connect! 
 clients are handling this properly.
-- 
2.38.5