README.md in gds-sso-3.1.1 vs README.md in gds-sso-4.0.0

- old
+ new
@@ -28,25 +28,26 @@
       config.oauth_id     = ENV['OAUTH_ID']
       config.oauth_secret = ENV['OAUTH_SECRET']
 
       # optional config for location of signonotron2
       config.oauth_root_url = "http://localhost:3001"
-
-      # optional config for API Access (requests which accept application/json)
-      config.basic_auth_user = 'api'
-      config.basic_auth_password = 'secret'
     end
 
 The user model must include the GDS::SSO::User module.
 
 It should have the following fields:
     string   "name"
     string   "email"
     string   "uid"
-    text     "permissions"
+    array    "permissions"
     boolean  "remotely_signed_out", :default => false
 
 You also need to include `GDS::SSO::ControllerMethods` in your ApplicationController
+
+For ActiveRecord, you probably want to declare permissions as "serialized" like this:
+
+    serialize :permissions, Array
+
 
 ## Use in development mode
 
 In development, you generally want to be able to run an application without needing to run your own SSO server to be running as well. GDS-SSO facilitates this by using a 'mock' mode in development. Mock mode loads an arbitrary user from the local application's user tables:
 