Update Auth authored by Nicolas Pope
The authentication and authorization service is responsible for all login and account management, as well as providing access tokens that other services can check to authorize access to resources.
The authentication and authorization service is responsible for all login and account management, as well as providing access tokens that other services can check to authorize access to resources. Access tokens are store in Redis keys (`token:<TOKEN_ID>`). The token ID is passed in either a cookie or the http authorization header (Bearer token) and can be checked by every service. Each Redis token has a TTL which effectively logs the user out when it expires.
# Key Requirements
* Uses a docker container(s)
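Review bot: The added token-storage sentences say the token ID "can be checked by every service" but never define the check, so each service is left to decide what the `token:<TOKEN_ID>` value contains and what to do when the key is absent. Suggest stating the lookup contract here (missing or expired key means the request is rejected), the TTL value and whether it is refreshed on use, and that an explicit logout deletes the key rather than waiting for expiry. Since the same ID travels in a cookie, it is also worth stating the expected cookie attributes (HttpOnly, Secure, SameSite). Wording: "are store in" should read "are stored in", and "http" should be "HTTP".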
......@@ -11,5 +11,12 @@ The authentication and authorization service is responsible for all login and ac
* Users can edit their account details and change their password
* Login using URL username and password (Basic auth) needs to be possible for websockets.
# Current Design
The implementation at present is based upon an OAuth2 implementation previously done for a Finnish software company. TsED is used to generate the endpoints and Mongo is used as the database.
\ No newline at end of file
# Events Generated
None currently, it might generate the following if needed (when authorization is implemented):
* user create / update / delete
* login
* logout
* group create / update / delete
# Events Consumed
None.
\ No newline at end of file
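Review bot: The new "Events Generated" list has "login" and "logout" but no entry for a failed login or for a session ending through token TTL expiry, which the first paragraph describes as the way users are effectively logged out. Without those two events, consumers cannot tell an expired session from an active one or see repeated failed attempts. Suggest adding them, or saying explicitly that they are out of scope. The qualifier "(when authorization is implemented)" also reads oddly next to login and logout, which are authentication events; say which events depend on authorization. Separately, the unchanged requirement just above ("Login using URL username and password (Basic auth)") puts credentials in the URL, where they tend to be recorded in server and proxy logs, so a note on how those URLs are kept out of logs would fit on this page. Wording: "None currently, it might generate" is a comma splice; split it into two sentences.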