Add more clearity about variables

doc/security.md

@@ -23,7 +23,7 @@ and guess what should contain `$password`. The `$method` can contain one of the
 
 The required value of `$password` depends on the chosen `$method`. For `Github\Client::AUTH_URL_TOKEN`,
 `Github\Client::AUTH_HTTP_TOKEN` and `Github\Client::JWT` methods you should provide the API token in
-`$username` variable (`$password` is omitted in this particular case). For the
+`$usernameOrToken` variable (`$password` is omitted in this particular case). For the
 `Github\Client::AUTH_HTTP_PASSWORD`, you should provide the password of the account. When using `Github\Client::AUTH_URL_CLIENT_ID`
 `$usernameOrToken` should contain your client ID, and `$password` should contain client secret.
 
@@ -47,7 +47,7 @@ Note however that GitHub describes this method as deprecated. In most case you s
 
 To authenticate as an integration you need to supply a JSON Web Token with `Github\Client::AUTH_JWT` to request
 and installation access token which is then usable with `Github\Client::AUTH_HTTP_TOKEN`. [Github´s integration
-authentication docs](https://developer.github.com/early-access/integrations/authentication/) describe the flow in detail.
+authentication docs](https://developer.github.com/apps/building-github-apps/authentication-options-for-github-apps/#authenticating-as-a-github-app) describe the flow in detail.
 It´s important for integration requests to use the custom Accept header `application/vnd.github.machine-man-preview`.
 
 The following sample code authenticates as an installation using [lcobucci/jwt](https://github.com/lcobucci/jwt/tree/3.2.0)
@@ -74,3 +74,6 @@ $github->authenticate($jwt, null, Github\Client::AUTH_JWT);
 $token = $github->api('apps')->createInstallationToken($installationId);
 $github->authenticate($token['token'], null, Github\Client::AUTH_HTTP_TOKEN);
 ```
+
+The `$integrationId` you can find in the about section of your github app.
+The `$installationId` you can find by installing the app and using the id in the url.