add hyperlink

Author: felixheck

README.md

@@ -107,7 +107,7 @@ server.route([
 ## API
 #### Plugin Options
 
-> By default, the Keycloak server has built-in two ways to authenticate the client: client ID and client secret, or with a signed JWT. This plugin supports both. Check the description of `secret` and `publicKey` for further information. If the signed JWTs are used as online strategy, ensure that the identifier of the related realm key is included in their header as `kid`.
+> By default, the Keycloak server has built-in [two ways to authenticate][client-auth] the client: client ID and client secret, or with a signed JWT. This plugin supports both. Check the description of `secret` and `publicKey` for further information. If the signed JWTs are used as online strategy, ensure that the identifier of the related realm key is included in their header as `kid`.
 >
 > | Strategy    | Online | Option      |
 > |:------------|:------:|:------------|
@@ -240,3 +240,4 @@ For further information read the [contributing guideline](CONTRIBUTING.md).
 [hapi-route-options]: https://hapijs.com/api#route-options
 [jwk]: https://tools.ietf.org/html/rfc7517
 [pem]: https://tools.ietf.org/html/rfc1421
+[client-auth]: https://keycloak.gitbooks.io/documentation/securing_apps/topics/oidc/java/client-authentication.html