Fix comment

lib/auth/httpAuthMiddleware.js

@@ -20,11 +20,8 @@ module.exports = {
                     if (req.session.ffSession) {
                         next()
                     } else if (req.get('Authorization')?.startsWith('Bearer')) {
-                        // need to make a HTTP request against the forge platform to check
-                        // the token. Should we cache the token to reduce round trip on every
-                        // request?
                         // We should include the Project ID and the path along with the token
-                        // to be checked
+                        // to be checked to allow scoping tokens
                         const token = req.get('Authorization').split(' ')[1]
                         const cacheHit = httpTokenCache[token]
                         if (cacheHit) {