chore(docs): added config to readme
lmammino committed Oct 30, 2023
1 parent a0f49fe commit 3566bab
Showing 1 changed file with 35 additions and 1 deletion.
36 changes: 35 additions & 1 deletion README.md
Expand Up @@ -34,10 +34,44 @@ You might want to consider using this project in the following cases:
This custom Lambda Authorizer is designed to be **easy to install and configure**, **cheap**, **highly performant**, and **memory-efficient**. It is currently written in Rust, which is currently the fastest lambda Runtime in terms of cold start and it produces binaries that can provide best-in-class execution performance and a low memory footprint. Rust makes it also easy to compile the Authorizer Lambda for ARM, which helps even further with performance and cost. Ideally this Lambda, should provide minimal cost, even when used to protect Lambda functions that are invoked very frequently.


## Installation

This project is meant to be integrated into existing applications (after all, an authorizer is useless without an API).

Different deployment options are available:

- TODO: Deploy from SAR (Serverless Application Repository) using SAM
- TODO: Deploy from SAR (Serverless Application Repository) using CDK
- TODO: build and package yourself
- TODO: use pre-published binaries and package yourself
- [Build yourself and deploy using SAM](/examples/sam/template.yml)
- TODO: use pre-published binaries and deploy using CDK
- TODO: use pre-published binaries and deploy using Terraform
- TODO: use pre-published binaries and deploy using CloudFormation one-click templates

If you prefer, you can also learn [how to host your own SAR application](/docs/deploy.md#maintain-your-own-sar-application).


## Configuration

The authorizer needs to be configured to be adapted to your needs and to be able to communicate with your OIDC provider of choice.

Here's a list of the configuration options that are supported:

| **Parameter Name** | **Environment variable** | **Description** | **Mandatory** | **Default Value** |
|--------------------|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|-----------------------------|
| JwksUri | JWKS_URI | The URL of the OIDC provider JWKS (Endpoint providing public keys for verification). | Y | |
| MinRefreshRate | MIN_REFRESH_RATE | The minumum number of seconds to wait before keys are refreshed when the given key is not found. | N | `"900"` |
| PrincipalIdClaims | PRINCIPAL_ID_CLAIMS | A comma-separated list of claims defining the token fields that should be used to determine the principal Id from the token. The fields will be tested in order. If there's no match the value specified in the `DefaultPrincipalId` parameter will be used. | N | `"preferred_username, sub"` |
| DefaultPrincipalId | DEFAULT_PRINCIPAL_ID | A fallback value for the Principal ID to be used when a principal ID claim is not found in the token. | N | `"unknown"` |
| AcceptedIssuers | ACCEPTED_ISSUERS | A comma-separated list of accepted values for the `iss` claim. If one of the provided values matches, the token issuer is considered valid. If left empty, any issuer will be accepted. | N | `""` |
| AcceptedAudiences | ACCEPTED_AUDIENCES | A comma-separated list of accepted values for the `aud` claim. If one of the provided values matches, the token audience is considered valid. If left empty, any issuer audience be accepted. | N | `""` |
| AcceptedAlgorithms | ACCEPTED_ALGORITHMS | A comma-separated list of accepted signing algorithms. If one of the provided values matches, the token signing algorithm is considered valid. If left empty, any supported token signing algorithm is accepted. Supported values: `ES256`, `ES384`, `RS256`, `RS384`, `PS256`, `PS384`, `PS512`, `RS512`, `EdDSA` | N | `""` |


## ⚠️ WIP

- TODO: document installation process
- TODO: document configuration options
- TODO: document supported algorithms
- TODO: document validation flow
- TODO: document what gets added into the context and how it can be used for app-level authentication
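Review bot: the three `Accepted*` rows in the Configuration table describe an empty default as accepting any issuer, audience or algorithm, which means the authorizer fails open on those checks unless the operator sets them; the section should say plainly that `ACCEPTED_ISSUERS` and `ACCEPTED_AUDIENCES` should always be set for a real deployment and that `ACCEPTED_ALGORITHMS` should be pinned to the algorithms the provider actually issues, rather than leaving readers to infer this from the default-value column. Minor wording in the same table: `The minumum number of seconds` should be `The minimum number of seconds`, and in the AcceptedAudiences row `any issuer audience be accepted` should read `any audience will be accepted`. The WIP list further down still carries `TODO: document configuration options`, which this commit addresses and could be dropped.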