Added documentation concerning events

auth-server-events.md

@@ -6,4 +6,38 @@ permalink: /authorization-server/events/
 
 # Authorization server events
 
-## TODO
+During the lifecycle of a request passing through the authorization server a number of events are emitted.
+
+You can subscribe to these events by attaching listeners to the authorization server.
+
+## error.auth.client
+
+~~~ php
+$server->addEventListener('error.auth.client', function ($event) { });
+~~~
+
+This event is emitted when a client fails to authenticate. You might wish to listen to this event in order to ban clients that fail to authenticate after `n` number of attempts.
+
+You can retrieve the request object that was used by calling `getRequest()` on the event object passed into your callable.
+
+## error.auth.user
+
+~~~ php
+$server->addEventListener('error.auth.user', function ($event) { });
+~~~
+
+This event is emitted when a user fails to authenticate. You might wish to listen to this event in order to reset passwords or ban users that fail to authenticate after `n` number of attempts.
+
+You can retrieve the request object that was used by calling `getRequest()` on the event object passed into your callable.
+
+## session.owner
+
+~~~ php
+$server->addEventListener('session.owner', function ($event) { });
+~~~
+
+This event is emitted when a session has been allocated an owner (for example a user or a client).
+
+You might want to use this event to dynamically associate scopes to the session depending on the users role or ACL permissions.
+
+You can access the session entity objected by calling `getSession()` on the event object passed into your callable.