diff --git a/notes/customer_manager.org b/notes/customer_manager.org index 22ac6448..02882322 100644 --- a/notes/customer_manager.org +++ b/notes/customer_manager.org @@ -39,16 +39,7 @@ that will continue to use an older access token from the wrong org/tenant. Idea, give other teams a trusted client. With this client and a user-id the team could get tokens for this user-id. -The API will provide a new custom route. -So teams could be given a unique OAuth2 client that will be /trusted/ by -IROH administrators. - -With this client and a user id, the team will get back a couple -access/refresh token for their client (limited to their scopes). - -This makes it possible, once a user is authenticated inside IROH-Auth to -hand tokens to other teams. -One mechanism to handle this situation is the webhook, but we could also use OpenID Connect, etc.. +This is a probably safer mechanism than webhooks that do not involve any =client-secret=. *** org-level credentials
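Review bot: The added line "This is a probably safer mechanism than webhooks that do not involve any =client-secret=." is ambiguous: as written, the relative clause attaches to the webhooks, so it is unclear which mechanism authenticates with a =client-secret=, and "probably safer" gives no reason. Suggest rewording to say which of the two involves a =client-secret= and why that makes the trusted client the safer option. The removed lines also carried the statements that the client is /trusted/ by IROH administrators and that the returned access/refresh tokens are "limited to their scopes". Since a trusted client plus a user-id is enough to obtain tokens for that user, those two constraints are worth keeping in the note in shortened form rather than dropping them with the rest of the paragraph.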