From 12342149d3a28ec39db36eed066857da7443194d Mon Sep 17 00:00:00 2001
From: Joe Bowers <joe.bowers@coreos.com>
Date: Fri, 16 Oct 2015 16:54:22 -0700
Subject: [PATCH] fixup: document parseAndVerifyTokenClaims behavior

---
 user/user.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/user/user.go b/user/user.go
index 6a56eb8c..734eaf57 100644
--- a/user/user.go
+++ b/user/user.go
@@ -448,6 +448,11 @@ type TokenClaims struct {
 	Claims jose.Claims
 }
 
+// Returns TokenClaims if and only if
+// - the given token string is an appropriately formatted JWT
+// - the JWT contains nonempty "aud" and "sub" claims
+// - the JWT can be verified for the client associated with the "aud" claim
+//   using the given keys
 func parseAndVerifyTokenClaims(token string, issuer url.URL, keys []key.PublicKey) (TokenClaims, error) {
 	jwt, err := jose.ParseJWT(token)
 	if err != nil {