README.md in gds-sso-13.2.0 vs README.md in gds-sso-13.2.1
- old
+ new
@@ -1,16 +1,14 @@
# GDS-SSO
-This gem provides everything needed to integrate an application with [Signon]
-(https://github.com/alphagov/signonotron2). It's a wrapper around [OmniAuth](https://github.com/intridea/omniauth) that adds a 'strategy' for oAuth2 integration against Signon,
+This gem provides everything needed to integrate an application with [Signon](https://github.com/alphagov/signon). It's a wrapper around [OmniAuth](https://github.com/intridea/omniauth) that adds a 'strategy' for oAuth2 integration against Signon,
and the necessary controller to support that request flow.
Some of the applications that use this gem:
- [content-tagger](https://github.com/alphagov/content-tagger)
- [publishing-api](https://github.com/alphagov/publishing-api)
-- [panopticon](https://github.com/alphagov/panopticon)
- [publisher](https://github.com/alphagov/publisher)
- [search-admin](https://github.com/alphagov/search-admin)
## Usage
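Review bot: the rewritten description line still spells the protocol "oAuth2" while the same sentence uses the proper nouns OmniAuth and Signon; since the line is being touched anyway, spell it "OAuth 2" (or "OAuth2") to match the standard name. The link correction to alphagov/signon is consistent with the alphagov repositories listed just below it; removing panopticon from that list without a replacement is fine if it no longer uses the gem, but a changelog line saying so would help readers of the diff.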
@@ -68,25 +66,15 @@
### Securing your application
[GDS::SSO::ControllerMethods](/lib/gds-sso/controller_methods.rb) provides some useful methods for your application controllers.
-To ensure only users who have been granted access to the application can access it use `require_signin_permission!`.
+To make sure that only people with a signon account and permission to use your app are allowed in use `authenticate_user!`.
```ruby
class ApplicationController < ActionController::Base
include GDS::SSO::ControllerMethods
- before_action :require_signin_permission!
- # ...
-end
-```
-
-If you want to allow access to everyone with an active Signon account, use `authenticate_user!`.
-
-```ruby
-class ApplicationController < ActionController::Base
- include GDS::SSO::ControllerMethods
before_action :authenticate_user!
# ...
end
```
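Review bot: this hunk drops the application-side `require_signin_permission!` check and the separate `authenticate_user!` example, but the replacement sentence at the top of the section never says that `require_signin_permission!` is deprecated or why `authenticate_user!` is now sufficient, and nothing here states which Signon version enforces the `signin` permission on the Signon side. A reader upgrading from 13.2.0 who removes the check while still pointing at a Signon that does not enforce it would silently widen access to every active account. Suggest keeping a one-line deprecation note in this section (for example: "`require_signin_permission!` is deprecated; Signon now enforces the `signin` permission for your application") and naming the minimum Signon version that makes that true. The new sentence also needs a comma to be parseable: "...are allowed in, use `authenticate_user!`."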
@@ -111,9 +99,11 @@
authorise_user!(any_of: %w(edit create))
# fails unless the user has both of these permissions
authorise_user!(all_of: %w(edit create))
```
+
+The signon application makes sure that only users who have been granted access to the application can access it (e.g. they have the `signin` permission for your app). This used to be left up to the applications themselves to check with the `require_signin_permission!` method. This is now deprecated and can be removed from your controllers. You should replace it with a call to `authenticate_user!` if you aren't already using that method, otherwise no signon authentication will be performed.
### Authorisation for API Users
In addition to the single-sign-on strategy, this gem also allows authorisation
via a "bearer token". This is used by publishing applications to be authorised
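Review bot: the last sentence of the added paragraph is ambiguous: "You should replace it with a call to `authenticate_user!` if you aren't already using that method, otherwise no signon authentication will be performed" can be read as saying that the case where you already use `authenticate_user!` is the one with no authentication. State the failure mode directly, e.g. "If you remove `require_signin_permission!` and do not already call `authenticate_user!`, no Signon authentication will be performed at all." The paragraph is also placed after the `authorise_user!` examples rather than under "Securing your application", where `require_signin_permission!` was documented until this version; moving it there would put the deprecation next to the code it replaces. Minor: "The signon application" versus "Signon" elsewhere in the README.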