fix: documentation updates

README.md

@@ -31,6 +31,22 @@ or clone it from github:
 $ git clone https://github.com/markusberg/ltpa.git
 ```
 
+## API
+
+This is the full API, but normally you'll only use a few of these methods. See examples below.
+
+- `setSecrets(secrets: Secrets)`: Add your server secrets to the library, for later use in validation and signing of tokens
+- `refresh(token: string, domain: string)`: Validate provided token, and return a fresh token
+- `generateUserNameBuf(userName: string)`: Generate a userName Buffer. Currently hardcoded to CP-850, but the true char encoding is LMBCS
+- `generate(userNameBuf: Buffer, domain: string)`: Generate a Base64-encoded Ltpa token
+- `setValidity(seconds: number)`: Set how long a generated token is valid. Default is 5400 seconds (90 minutes).
+- `setStrictExpirationValidation(strict: boolean)`: If set to true, token expiration validation will check the actual validation timestamp in the token instead of the calculated expiration. See the "Known Issues" section below.
+- `setGracePeriod(seconds: number)`: Set the amount of time outside a ticket's validity that we will still accept it. This time is also added to the validity of tokens that are generated. Default is 300 seconds (5 minutes).  
+  **NOTE:** since the grace period is added both on token generation, and during validation, the actual grace period is double what is set here.
+- `getUserName(token: string)`: Retrieve the username as a `string` from the provided token. No validation of the token is performed
+- `getUserNameBuf(token: string)`: Retrieve the username as a `Buffer` from the provided token. No validation of the token is performed
+- `validate(token: string, domain: string)`: Validate provided token. Throws an error if validation fails
+
 ## Example 1
 
 These examples are for [Express](https://expressjs.com/), but the functionality should be easy to adapt to [Koa](https://koajs.com/) or other frameworks.
@@ -118,6 +134,10 @@ $ npm run test:watch
 
 ## Known issues
 
+### Token validity
+
+When validating token expiration, the library will only respect its internal `validity` setting, and will disregard the expiration-date setting in provided tokens. To force the library to use the actual timestamp in the token, use the setStrictExpirationValidation() method. This behaviour might change in version 2.
+
 ### Character set
 
 The module only works with usernames containing characters in the `ibm850` codepage (basically Latin-1). The username in the token _should be_ encoded in an IBM proprietary format called `LMBCS` (Lotus Multi-Byte Character Set) for which I have found no javascript implementation. However, `LMBCS` is backwards compatible with `ibm850` for all characters in that codepage so if your usernames don't contain characters outside of `ibm850`, then you're good to go.