Update README.md

devMls · web-flow · commit a2bc61c675f1 · 2017-01-20T18:22:30.000+01:00
add explanation about how to use coockie or request token
diff --git a/README.md b/README.md
@@ -49,13 +49,23 @@ Install steps:
 
     env JWT_SECRET;
     ```
-1. If your JWT secret is Base64 (URL-safe) encoded, export the `JWT_SECRET_IS_BASE64_ENCODED` environment variable on the Nginx host, setting it equal to `true`.  Then expose it to Nginx server:  
+2. If your JWT secret is Base64 (URL-safe) encoded, export the `JWT_SECRET_IS_BASE64_ENCODED` environment variable on the Nginx host, setting it equal to `true`.  Then expose it to Nginx server:  
     ```lua
     # nginx.conf:
 
     env JWT_SECRET_IS_BASE64_ENCODED;
     ```
 
+3. If you want specify where this script should looking for the token, export the `NGINX_JWT_TOKEN_SITE` environment variable on the Nginx host, setting it equal to `HEADER`, `COOKIE` , `REQUEST`.  Then expose it to Nginx server:  
+    ```lua
+    # nginx.conf:
+
+    env NGINX_JWT_TOKEN_SITE;
+    ```
+ In case that you choose COOKIE or HEADER, this script try to found a "bearer" cookie or request parameter.   
+
+
+
 ## Usage
 
 Now we can start using the script in reverse-proxy scenarios to secure our backing service.  This is done by using the [access_by_lua](https://github.com/openresty/lua-nginx-module#access_by_lua) directive to call the `nginx-jwt` script's [`auth()`](#auth) function before executing any [proxy_* directives](http://nginx.org/en/docs/http/ngx_http_proxy_module.html):
