From c25e9906801f89605080cc71b3ee23a5e45a5811 Mon Sep 17 00:00:00 2001
From: Eduardo Diaz <eduardo.diaz@auth0.com>
Date: Sat, 24 Jun 2017 11:44:14 +0200
Subject: [PATCH] docs: verifying with base64 encoded secrets

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 48259fa..b1e0364 100644
--- a/README.md
+++ b/README.md
@@ -111,6 +111,8 @@ jwt.sign({
 `secretOrPublicKey` is a string or buffer containing either the secret for HMAC algorithms, or the PEM
 encoded public key for RSA and ECDSA.
 
+As mentioned in [this comment](https://github.com/auth0/node-jsonwebtoken/issues/208#issuecomment-231861138), there are other libraries that expect base64 encoded secrets (random bytes encoded using base64), if that is your case you can pass `new Buffer(secret, 'base64')`, by doing this the secret will be decoded using base64 and the token verification will use the original random bytes.
+
 `options`
 
 * `algorithms`: List of strings with the names of the allowed algorithms. For instance, `["HS256", "HS384"]`.