Improved documentation for auth request token

README.md

@@ -370,9 +370,11 @@ server {
     # requires running with --set-xauthrequest flag
     auth_request_set $user   $upstream_http_x_auth_request_user;
     auth_request_set $email  $upstream_http_x_auth_request_email;
-    auth_request_set $token  $upstream_http_x_auth_request_access_token;  # Available with --pass-access-token flag
     proxy_set_header X-User  $user;
     proxy_set_header X-Email $email;
+
+    # if you enabled --pass-access-token, this will pass the token to the backend
+    auth_request_set $token  $upstream_http_x_auth_request_access_token;
     proxy_set_header X-Token $token;
 
     # if you enabled --cookie-refresh, this is needed for it to work with auth_request