got rid of reason, too much of a footgun

got rid of reason, too much of a footgun

26.md

@@ -114,15 +114,17 @@ Using NIP26, a new oauth-style protocol handler can allow oauth-style login for
 Consider the following link that can be opened as an intent in browser and mobile apps:
 
 ```url
-nkey://auth?id=<uuid>&**uri**=<uri>&kinds=1,2,4,5&action=delegate&from=<epoch>&to=<epoch>&**pubkey**=<64-char hex pub key>&reason=descriptive+text&relays=r1,r2...
+nkey://auth?id=<uuid>&uri=<uri>&kinds=1,2,4,5&action=delegate&from=<epoch>&to=<epoch>&pubkey=<64-char hex pub key>&relays=r1,r2...
 ```
 
-This can open up an associated app or browser that:
+This can open up an associated app or browser that displays the requesting URI information in detail, including certificate information.
+
+Care must be taken to let the user know the full scope requested, the ability of the app to be able to post the kinds requested, etc.
 
  - On success:
      - Posts NIP26 delegate info to the requested relays (if any)
      - Optionally posts delegate info to additional relays (if configured
-     -  POSTs a response to the **URI** containing a delegate key encrypted with the requested pubkey and information about what was approved (if anything)
+     -  POSTs a response to the **uri** containing a delegate key encrypted with the requested pubkey and information about what was approved (if anything)
      ```js
      {
       id:"<request-id>",
@@ -133,7 +135,7 @@ This can open up an associated app or browser that:
       kinds: [1,2]
      } 
      ```
- -On rejection, POSTs a "rejection" to the **URI**
+ -On rejection, POSTs a "rejection" to the **uri**
  {
      id:"<request-id>",
      status:"denied",