fixing readme

Author: karen-avetisyan-mc

README.md

@@ -92,17 +92,18 @@ String authHeader = OAuth.getAuthorizationHeader(uri, method, payload, charset,
 
 #### RSA-PSS support
 
-This library signs requests using OAuth 1.0a `RSA-SHA256`.
+This library signs requests using OAuth 1.0a with an RSA + SHA-256 digest.
 
-* Default: the signature uses the JCA algorithm `SHA256withRSA` (RSA PKCS#1 v1.5).
-* Fallback: on some runtimes/providers, `SHA256withRSA` may not be available while RSA-PSS is.
-  In that case, this library automatically falls back to the JCA algorithm `RSASSA-PSS` using
+* When the runtime/provider supports the JCA algorithm `SHA256withRSA`, the library uses it (RSA PKCS#1 v1.5).
+  In this case, the Authorization header contains `oauth_signature_method="RSA-SHA256"`.
+* If `SHA256withRSA` is not usable and RSA-PSS is, the library falls back to the JCA algorithm `RSASSA-PSS` using
   `SHA-256 / MGF1(SHA-256) / saltLen=32 / trailerField=1`.
+  In this case, the Authorization header contains `oauth_signature_method="RSA-PSS"`.
 
 Notes:
 * The RSA signature scheme (PKCS#1 v1.5 vs PSS) cannot be inferred from an RSA `PrivateKey`.
-  The fallback is based on provider capabilities.
-* If you want to know which algorithm will be used on the current runtime/provider, you can call:
+  The selection is based on provider capabilities.
+* If you want to know which JCA algorithm will be used on the current runtime/provider, you can call:
 
 ```java
 String alg = OAuth.signSignatureBaseStringAlgName("baseString", signingKey, StandardCharsets.UTF_8);