From 98d42d5dfa4727a62226c7e1e7106ad1e110bfec Mon Sep 17 00:00:00 2001
From: AbegaM <ebenezermelkamu@gmail.com>
Date: Tue, 23 Apr 2024 17:11:44 +0300
Subject: [PATCH] Add notes for the user creation feature

---
 docs/auth.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/auth.md b/docs/auth.md
index 29ddfa0..ca7df9a 100644
--- a/docs/auth.md
+++ b/docs/auth.md
@@ -2,7 +2,7 @@
 
 Soul incorporates a robust user authentication system that handles user accounts, groups, permissions, and cookie-based user sessions. This section provides an overview of how the default implementation works.
 
-Authentication is switched off by default in Soul, but is enabled when either of the `-a` or  `--auth` flags are provided at the command line.
+Authentication is switched off by default in Soul, but is enabled when either of the `-a` or `--auth` flags are provided at the command line.
 
 ### Overview
 
@@ -132,4 +132,6 @@ Note that you need to be logged in using a user with a role that has creating us
 
 Additionally, it's important to note that the `/api/tables/_users/rows/` endpoint functions slightly differently compared to other `/api/tables/<table_name>/rows/` endpoints. When creating or updating user data through this endpoint, we need to provide the raw passwords, which are then automatically hashed before being stored in the `_hashed_password` field. This extra step enhances the security of the stored passwords.
 
+When creating a user, the required fields are `username` and `password`. However, you also have the flexibility to include additional optional fields. To do this, you will need to modify the schema of the `_users` table in your database using a suitable database editor GUI tool. Simply add the desired field(s) to the database schema for the `_users` table. Once the schema is updated, you can pass the optional field(s) from your client application during user creation.
+
 Furthermore, when retrieving user data, the endpoint automatically filters out sensitive information such as the `_hashed_password` and `_salt` fields. This precautionary measure is in place to address security concerns and ensure that only necessary and non-sensitive information is included in the returned results.