Add a note about OAuth2 bearer tokens

aarongodin · jfromaniello · commit c5d841966b70 · 2020-04-07T11:55:27.000-03:00
diff --git a/README.md b/README.md
@@ -25,6 +25,8 @@ app.get('/protected',
   });
 ```
 
+> The default behavior of the module is to extract the JWT from the `Authorization` header as an [OAuth2 Bearer token](https://oauth.net/2/bearer-tokens/).
+
 You can specify audience and/or issuer as well:
 
 ```javascript
