Update README

go-chi · Oct 10, 2017 · 9f0ed74 · 9f0ed74
1 parent e6503c4
commit 9f0ed74
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -23,12 +23,11 @@ plain-text payload for all unverified tokens and passes the good ones through. Y
 also copy the Authenticator and customize it to handle invalid tokens to better fit
 your flow (ie. with a JSON error response body).
 
-The `Verifier` will search for a JWT token in a http request, in the order:
+By default, the `Verifier` will search for a JWT token in a http request, in the order:
 
 1. 'jwt' URI query parameter
 2. 'Authorization: BEARER T' request header
-3. Cookie 'jwt' value
-4. (optional), use `jwtauth.Verify("state")` for additional query/cookie parameter aliases
+3. 'jwt' Cookie value
 
 The first JWT string that is found as a query parameter, authorization header
 or cookie header is then decoded by the `jwt-go` library and a *jwt.Token
@@ -40,6 +39,11 @@ be the generic `jwtauth.Authenticator` middleware or your own custom handler
 which checks the request context jwt token and error to prepare a custom
 http response.
 
+Note: jwtauth supports custom verification sequences for finding a token
+from a request by using the `Verify` middleware instantiator directly. The default
+`Verifier` is instantiated by calling `Verify(ja, TokenFromQuery, TokenFromHeader, TokenFromCookie)`.
+
+
 # Usage
 
 See the full [example](https://github.com/go-chi/jwtauth/blob/master/_example/main.go).