From 8662579f1af7ba1d8b6a35718243bd719600a23f Mon Sep 17 00:00:00 2001
From: Aaron Godin <godinaaweb@gmail.com>
Date: Thu, 16 Jan 2020 14:24:53 -0800
Subject: [PATCH] Make clearer sections in the Readme

---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 00eb5a50..da37ce87 100644
--- a/README.md
+++ b/README.md
@@ -25,8 +25,12 @@ app.get('/protected',
   });
 ```
 
+The decoded JWT payload is available on the request via the `user` property. This can be configured using the `requestProperty` option ([see below](#retrieving-the-decoded-payload)).
+
 > The default behavior of the module is to extract the JWT from the `Authorization` header as an [OAuth2 Bearer token](https://oauth.net/2/bearer-tokens/).
 
+### Additional Options
+
 You can specify audience and/or issuer as well:
 
 ```javascript
@@ -62,6 +66,8 @@ var publicKey = fs.readFileSync('/path/to/public.pub');
 jwt({ secret: publicKey });
 ```
 
+### Retrieving the Decoded Payload
+
 By default, the decoded token is attached to `req.user` but can be configured with the `requestProperty` option.
 
 
@@ -77,6 +83,8 @@ jwt({ secret: publicKey, resultProperty: 'locals.user' });
 
 Both `resultProperty` and `requestProperty` utilize [lodash.set](https://lodash.com/docs/4.17.2#set) and will accept nested property paths.
 
+### Customizing Token Location
+
 A custom function for extracting the token from a request can be specified with
 the `getToken` option. This is useful if you need to pass the token through a
 query parameter or a cookie. You can throw an error in this function and it will