From c5d841966b70584fa51f766d7cb2b17ae1db6681 Mon Sep 17 00:00:00 2001
From: Aaron Godin <godinaaweb@gmail.com>
Date: Mon, 13 Jan 2020 10:45:55 -0600
Subject: [PATCH] Add a note about OAuth2 bearer tokens

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index ccefcc44..71050fd4 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,8 @@ app.get('/protected',
   });
 ```
 
+> The default behavior of the module is to extract the JWT from the `Authorization` header as an [OAuth2 Bearer token](https://oauth.net/2/bearer-tokens/).
+
 You can specify audience and/or issuer as well:
 
 ```javascript