diff --git a/README.md b/README.md
index 8f3936df..7102c79e 100644
--- a/README.md
+++ b/README.md
@@ -61,6 +61,10 @@ This package is currently in the active development.
             # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
             refresh_token_ttl: P1M
 
+            # How long the issued auth code should be valid for.
+            # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
+            auth_code_ttl: PT10M
+
         resource_server:
 
             # Full path to the public key file
@@ -108,10 +112,11 @@ You can verify that everything is working by issuing a `GET` request to the `/to
 so that only logged in users can approve authorization requests.
 You should review your `security.yml` file. Here is a sample configuration:
 
-    ```yaml
+```yaml
+security:
     access_control:
         - { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED }
-    ```
+```
 
 ## Configuration