diff --git a/lib/auth/httpAuthMiddleware.js b/lib/auth/httpAuthMiddleware.js
index f2d0642..8bd5774 100644
--- a/lib/auth/httpAuthMiddleware.js
+++ b/lib/auth/httpAuthMiddleware.js
@@ -20,11 +20,8 @@ module.exports = {
 if (req.session.ffSession) {
 next()
 } else if (req.get('Authorization')?.startsWith('Bearer')) {
- // need to make a HTTP request against the forge platform to check
- // the token. Should we cache the token to reduce round trip on every
- // request?
 // We should include the Project ID and the path along with the token
- // to be checked
+ // to be checked to allow scoping tokens
 const token = req.get('Authorization').split(' ')[1]
 const cacheHit = httpTokenCache[token]
 if (cacheHit) {
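Review bot: The lookup `httpTokenCache[token]` is keyed by a string taken directly from the Authorization header, so if `httpTokenCache` is a plain object literal (its declaration is outside this hunk), a token equal to an inherited property name would yield a truthy `cacheHit` without the platform having validated it. Holding the cache in a `Map`, or creating it with `Object.create(null)`, avoids that. It is also worth rejecting an empty token next to it, since a header of just `Bearer` passes the `startsWith` test and leaves `split(' ')[1]` undefined. The comment this commit edits implies a follow-up too: once tokens are scoped, the cache key must include the project ID and path, otherwise a hit cached for one scope would be honoured for another, so I would write it as `// TODO: include the Project ID and path in the check and in the cache key so tokens can be scoped`. The `if (cacheHit)` branch continues outside the hunk, so what a hit grants is not visible here.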