add option to give specific reason phrases 

I'm not sure if this is even something the middleware itself can do, but it would be nice if users could opt to have reason phrases include a bit of information about why an attempted authentication failed, like "invalid signature", or "invalid client" or the like.  The errors are defined, they just aren't being communicated in a client-facing way.