diff --git a/notes/token_exchange_in_iroh_auth.org b/notes/token_exchange_in_iroh_auth.org
index 25171019..07a6da3a 100644
--- a/notes/token_exchange_in_iroh_auth.org
+++ b/notes/token_exchange_in_iroh_auth.org
@@ -121,4 +121,5 @@ Once the subject is selected, the client could then use the Token Exchange with:
 - a ~subject_token~ retrieved from the previous call. This should be a JWT signed
   by IROH-Auth. I think it would be safe to have an infinite or at least very
   long lifetime for these JWT.
--
+- an ~access_token~ generated from the client object handled to the client. This
+  way IROH-Auth could authenticate the client.