diff --git a/keycloak-hs.cabal b/keycloak-hs.cabal
--- a/keycloak-hs.cabal
+++ b/keycloak-hs.cabal
@@ -1,6 +1,6 @@
 cabal-version: 1.12
 name: keycloak-hs
-version: 1.0.1
+version: 1.1.0
 license: BSD3
 license-file: LICENSE
 copyright: 2019 Corentin Dupont
diff --git a/src/Keycloak/Client.hs b/src/Keycloak/Client.hs
--- a/src/Keycloak/Client.hs
+++ b/src/Keycloak/Client.hs
@@ -35,7 +35,7 @@
 
 -- * Permissions
 
--- | Returns true id the resource is authorized under the given scope.
+-- | Returns true if the resource is authorized under the given scope.
 isAuthorized :: ResourceId -> ScopeName -> Token -> Keycloak Bool
 isAuthorized res scope tok = do
   r <- try $ checkPermission res scope tok
@@ -44,7 +44,7 @@
     Left e | (statusCode <$> getErrorStatus e) == Just 403 -> return False
     Left e -> throwError e --rethrow the error
 
--- | Return the permissions for all resources, under the given scopes.
+-- | Return the permissions for the permission requests.
 getPermissions :: [PermReq] -> Token -> Keycloak [Permission]
 getPermissions reqs tok = do
   debug "Get all permissions"
@@ -56,15 +56,16 @@
   body <- keycloakPost "protocol/openid-connect/token" dat tok
   case eitherDecode body of
     Right ret -> do
+      debug $ "Keycloak returned perms: " ++ (show ret)
       return ret
     Left (err2 :: String) -> do
       debug $ "Keycloak parse error: " ++ (show err2) 
       throwError $ ParseError $ pack (show err2)
-
-getPermString :: PermReq -> [Text]
-getPermString (PermReq (Just (ResourceId id)) []) = [id]
-getPermString (PermReq (Just (ResourceId id)) scopes) = map (\(ScopeName s) -> (id <> "#" <> s)) scopes
-getPermString (PermReq Nothing scopes) = map (\(ScopeName s) -> ("#" <> s)) scopes
+  where
+    getPermString :: PermReq -> [Text]
+    getPermString (PermReq (Just (ResourceId id)) []) = [id]
+    getPermString (PermReq (Just (ResourceId id)) scopes) = map (\(ScopeName s) -> (id <> "#" <> s)) scopes
+    getPermString (PermReq Nothing scopes) = map (\(ScopeName s) -> ("#" <> s)) scopes
 
 -- | Checks if a scope is permitted on a resource. An HTTP Exception 403 will be thrown if not.
 checkPermission :: ResourceId -> ScopeName -> Token -> Keycloak ()
@@ -80,7 +81,7 @@
 
 -- * Tokens
 
--- | Retrieve the user's token
+-- | Retrieve the user's token. This token will be used for every other Keycloak calls.
 getUserAuthToken :: Username -> Password -> Keycloak Token
 getUserAuthToken username password = do 
   debug "Get user token"
@@ -101,7 +102,7 @@
       debug $ "Keycloak parse error: " ++ (show err2) 
       throwError $ ParseError $ pack (show err2)
 
--- | return a Client token
+-- | return a Client token. It is useful to create Resources.
 getClientAuthToken :: Keycloak Token
 getClientAuthToken = do
   debug "Get client token"
@@ -132,14 +133,11 @@
 
 -- * Resource
 
--- | Create a resource.
+-- | Create an authorization resource in Keycloak, under the configured client.
 createResource :: Resource -> Token -> Keycloak ResourceId
 createResource r tok = do
   debug $ convertString $ "Creating resource: " <> (JSON.encode r)
-  -- The user token might not be suitable because it can use another client (such as "dashboard"). 
-  -- however we need "api-server" as client because it's the resource authorization server.
-  tok2 <- getClientAuthToken 
-  body <- keycloakPost "authz/protection/resource_set" (toJSON r) tok2
+  body <- keycloakPost "authz/protection/resource_set" (toJSON r) tok
   debug $ convertString $ "Created resource: " ++ convertString body
   case eitherDecode body of
     Right ret -> do
@@ -156,6 +154,7 @@
   keycloakDelete ("authz/protection/resource_set/" <> rid) tok
   return ()
 
+-- | Delete all resources in Keycloak
 deleteAllResources :: Token -> Keycloak ()
 deleteAllResources tok = do
   debug "Deleting all Keycloak resources..."
@@ -163,10 +162,10 @@
   res <- mapM (\rid -> try $ deleteResource rid tok) ids
   debug $ "Deleted " ++ (show $ L.length $ rights res) ++ " resources out of " ++ (show $ L.length ids)
 
-getResource :: ResourceId -> Keycloak Resource
-getResource (ResourceId rid) = do
-  tok2 <- getClientAuthToken 
-  body <- keycloakGet ("authz/protection/resource_set/" <> rid) tok2
+-- | get a single resource
+getResource :: ResourceId -> Token -> Keycloak Resource
+getResource (ResourceId rid) tok = do
+  body <- keycloakGet ("authz/protection/resource_set/" <> rid) tok
   case eitherDecode body of
     Right ret -> do
       return ret
@@ -174,6 +173,7 @@
       debug $ "Keycloak parse error: " ++ (show err2) 
       throwError $ ParseError $ pack (show err2)
 
+-- | get all resources IDs
 getAllResourceIds :: Keycloak [ResourceId]
 getAllResourceIds = do
   debug "Get all resources"
@@ -221,16 +221,16 @@
       debug $ "Keycloak parse error: " ++ (show err2) 
       throwError $ ParseError $ pack (show err2)
 
--- | Get a single user, based on his Id
-postUser :: User -> Token -> Keycloak UserId
-postUser user tok = do
+-- | Create a user
+createUser :: User -> Token -> Keycloak UserId
+createUser user tok = do
   res <- keycloakAdminPost ("users/") (toJSON user) tok 
   debug $ "Keycloak success: " ++ (show res) 
   return $ UserId $ convertString res
 
 -- | Get a single user, based on his Id
-putUser :: UserId -> User -> Token -> Keycloak ()
-putUser (UserId id) user tok = do
+updateUser :: UserId -> User -> Token -> Keycloak ()
+updateUser (UserId id) user tok = do
   keycloakAdminPut ("users/" <> (convertString id)) (toJSON user) tok 
   return ()
 
@@ -352,6 +352,8 @@
     Left err -> do
       warn $ "Keycloak HTTP error: " ++ (show err)
       throwError $ HTTPError err
+
+
 -- * Helpers
 
 debug, warn, info, err :: (MonadIO m) => String -> m ()
