Documenting permissions for OAuth tutorial

chrome/common/extensions/docs/tut_oauth.html

 <!DOCTYPE html><!-- This page is a placeholder for generated extensions api doc. Note:
     1) The <head> information in this page is significant, should be uniform
        across api docs and should be edited only with knowledge of the
        templating mechanism.
     3) All <body>.innerHTML is genereated as an rendering step. If viewed in a
        browser, it will be re-generated from the template, json schema and
        authored overview content.
     4) The <body>.innerHTML is also generated by an offline step so that this
        page may easily be indexed by search engines.
 --><html xmlns="http://www.w3.org/1999/xhtml"><head>
@@ skipping 114 matching lines @@
                   <li><a href="history.html">History</a></li>
                   <li><a href="management.html">Management</a></li>
                   <li><a href="tabs.html">Tabs</a></li>
                   <li><a href="windows.html">Windows</a></li>
                 </ul>
               </li>
               <li>Implementation
                 <ul>
                   <li><a href="a11y.html">Accessibility</a></li>
                   <li><a href="background_pages.html">Background Pages</a></li>
+                  <li><a href="transient_background_pages.html">Event Pages</a></li>
                   <li><a href="content_scripts.html">Content Scripts</a></li>
                   <li><a href="xhr.html">Cross-Origin XHR</a></li>
                   <li><a href="i18n.html">Internationalization</a></li>
                   <li><a href="messaging.html">Message Passing</a></li>
                   <li><a href="permissions.html">Optional Permissions</a></li>
                   <li><a href="npapi.html">NPAPI Plugins</a></li>
                 </ul>
               </li>
               <li>Finishing
                 <ul>
@@ skipping 134 matching lines @@
 <pre>var oauth = ChromeExOAuth.initBackgroundPage({
   'request_url': 'https://www.google.com/accounts/OAuthGetRequestToken',
   'authorize_url': 'https://www.google.com/accounts/OAuthAuthorizeToken',
   'access_url': 'https://www.google.com/accounts/OAuthGetAccessToken',
   'consumer_key': 'anonymous',
   'consumer_secret': 'anonymous',
   'scope': 'https://docs.google.com/feeds/',
   'app_name': 'My Google Docs Extension'
 });
 </pre>
+<p>
+To use the OAuth library,
+you must declare the "tabs" permision in the
+<a href="http://code.google.com/chrome/extensions/manifest.html">extension manifest</a>.
+You must also declare the sites you are using
+including the request URL, the authorize URL, access URL,
+and, if necessary, the scope URL.
+For example:
+</p>
+<pre>"permissions": [ "tabs", "https://docs.google.com/feeds/*",
+  "https://www.google.com/accounts/OAuthGetRequestToken",
+  "https://www.google.com/accounts/OAuthAuthorizeToken",
+  "https://www.google.com/accounts/OAuthGetAccessToken" 
+]
+</pre>
 <h3 id="request-token">Fetching and authorizing a request token</h3>
 <p>
 Once you have your background page set up, call the <code>authorize()</code> function to begin the OAuth dance and redirect the user to the OAuth provider. The client library abstracts most of this process, so all you need to do is pass a callback to the <code>authorize()</code> function, and a new tab will open and redirect the user.
 </p>
 <pre>oauth.authorize(function() {
   // ... Ready to fetch private data ...
 });
 </pre>
 <p>
 You don't need to provide any additional logic for storing the token and secret, as this library already stores these values in the browser’s <code>localStorage</code>. If the library already has an access token stored for the current scope, then no tab will be opened. In either case, the callback will be called.
@@ skipping 103 matching lines @@
     _uff=0;
     urchinTracker();
   }
   catch(e) {/* urchinTracker not available. */}
 </script>
 <!-- end analytics -->
       </div>
     </div> <!-- /gc-footer -->
   </div> <!-- /gc-container -->
 </body></html>