diff --git a/src/OAuth2/Server.php b/src/OAuth2/Server.php
index 3ef171ac4..7e98c47fd 100644
--- a/src/OAuth2/Server.php
+++ b/src/OAuth2/Server.php
@@ -299,9 +299,9 @@ public function handleAuthorizeRequest(OAuth2_RequestInterface $request, $is_aut
     /**
      * Pull the authorization request data out of the HTTP request.
      * - The redirect_uri is OPTIONAL as per draft 20. But your implementation can enforce it
-     * by setting CONFIG_ENFORCE_INPUT_REDIRECT to true.
+     * by setting $config['enforce_redirect'] to true.
      * - The state is OPTIONAL but recommended to enforce CSRF. Draft 21 states, however, that
-     * CSRF protection is MANDATORY. You can enforce this by setting the CONFIG_ENFORCE_STATE to true.
+     * CSRF protection is MANDATORY. You can enforce this by setting the $config['enforce_state'] to true.
      *
      * The draft specifies that the parameters should be retrieved from GET, override the Response
      * object to change this