diff --git a/README.md b/README.md
index 4bab75a..5b0440e 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ const getJwks = buildGetJwks({
   max: 100,
   ttl: 60 * 1000,
   timeout: 5000,
-  allowedDomains: ['https://example.com'],
+  issuersWhitelist: ['https://example.com'],
   checkIssuer: (issuer) => {
     return issuer === 'https://example.com'
   },
@@ -36,8 +36,9 @@ const getJwks = buildGetJwks({
 - `max`: Max items to hold in cache. Defaults to 100.
 - `ttl`: Milliseconds an item will remain in cache. Defaults to 60s.
 - `timeout`: Specifies how long it should wait to retrieve a JWK before it fails. The time is set in milliseconds. Defaults to 5s.
-- `allowedDomains`: Array of allowed domains. By default all domains are allowed.
-- `checkIssuer`: Optional user defined function to validate a token's domain
+- `issuersWhitelist`: Array of allowed issuers. By default all issuers are allowed.
+- `allowedDomains`: This has been **deprecated** and replaced with `issuersWhitelist`.
+- `checkIssuer`: Optional user defined function to validate a token's domain.
 - `providerDiscovery`: Indicates if the Provider Configuration Information is used to automatically get the jwks_uri from the [OpenID Provider Discovery Endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This endpoint is exposing the [Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). With this flag set to true the domain will be treated as the OpenID Issuer which is the iss property in the token. Defaults to false. Ignored if jwksPath is specified.
 - `jwksPath`: Specify a relative path to the jwks_uri. Example `/otherdir/jwks.json`. Takes precedence over providerDiscovery. Optional.
 - `agent`: The custom agent to use for requests, as specified in [node-fetch documentation](https://github.com/node-fetch/node-fetch#custom-agent). Defaults to `null`.
@@ -132,7 +133,7 @@ const buildGetJwks = require('get-jwks')
 // often encoded as the `iss` property of the token payload
 const domain = 'https://...'
 
-const getJwks = buildGetJwks({ allowedDomains: [...]})
+const getJwks = buildGetJwks({ issuersWhitelist: [...]})
 
 // create a verifier function with key as a function
 const verifyWithPromise = createVerifier({
diff --git a/src/get-jwks.d.ts b/src/get-jwks.d.ts
index 0a383e2..7d0b153 100644
--- a/src/get-jwks.d.ts
+++ b/src/get-jwks.d.ts
@@ -13,7 +13,7 @@ type GetPublicKeyOptions = {
 type GetJwksOptions = {
   max?: number
   ttl?: number
-  allowedDomains?: string[]
+  issuersWhitelist?: string[]
   providerDiscovery?: boolean
   jwksPath?: string
   agent?: Agent
diff --git a/src/get-jwks.js b/src/get-jwks.js
index 7ca78e7..c441fa7 100644
--- a/src/get-jwks.js
+++ b/src/get-jwks.js
@@ -18,7 +18,7 @@ function buildGetJwks(options = {}) {
   const max = options.max || 100
   const ttl = options.ttl || 60 * 1000 /* 1 minute */
   const timeout = options.timeout || 5 * 1000 /* 5 seconds */
-  const allowedDomains = (options.allowedDomains || []).map(ensureTrailingSlash)
+  const issuersWhitelist = (options.issuersWhitelist || options.allowedDomains || []).map(ensureTrailingSlash)
   const checkIssuer = options.checkIssuer
   const providerDiscovery = options.providerDiscovery || false
   const jwksPath = options.jwksPath
@@ -65,7 +65,7 @@ function buildGetJwks(options = {}) {
 
     const normalizedDomain = ensureTrailingSlash(domain)
 
-    if (allowedDomains.length && !allowedDomains.includes(normalizedDomain)) {
+    if (issuersWhitelist.length && !issuersWhitelist.includes(normalizedDomain)) {
       const error = new GetJwksError(errorCode.DOMAIN_NOT_ALLOWED)
       return Promise.reject(error)
     }
diff --git a/test/getJwk.spec.js b/test/getJwk.spec.js
index 8c7b508..a4eea2c 100644
--- a/test/getJwk.spec.js
+++ b/test/getJwk.spec.js
@@ -235,7 +235,7 @@ t.test('allowed domains', async t => {
         nock(allowedDomain).get('/.well-known/jwks.json').reply(200, jwks)
 
         const getJwks = buildGetJwks({
-          allowedDomains: [allowedDomain],
+          issuersWhitelist: [allowedDomain],
         })
 
         const [{ alg, kid }] = jwks.keys
@@ -252,7 +252,7 @@ t.test('allowed domains', async t => {
     nock(domain1).get('/.well-known/jwks.json').reply(200, jwks)
     nock(domain2).get('/.well-known/jwks.json').reply(200, jwks)
 
-    const getJwks = buildGetJwks({ allowedDomains: [domain1, domain2] })
+    const getJwks = buildGetJwks({ issuersWhitelist: [domain1, domain2] })
 
     const [{ alg, kid }] = jwks.keys
 
@@ -297,7 +297,7 @@ t.test('allowed domains', async t => {
 
   t.test('forbids domain outside of the allow list', async t => {
     const getJwks = buildGetJwks({
-      allowedDomains: ['https://example.com/'],
+      issuersWhitelist: ['https://example.com/'],
     })
 
     const [{ alg, kid }] = jwks.keys
diff --git a/test/getJwkDiscovery.spec.js b/test/getJwkDiscovery.spec.js
index c373164..68e9771 100644
--- a/test/getJwkDiscovery.spec.js
+++ b/test/getJwkDiscovery.spec.js
@@ -244,23 +244,23 @@ t.test('allowed domains for discovery', async t => {
     ['https://example.com/', 'https://example.com'],
   ]
 
-  allowedCombinations.forEach(([allowedDomain, domainFromToken]) => {
+  allowedCombinations.forEach(([allowedIssuer, domainFromToken]) => {
     t.test(
-      `allows domain ${allowedDomain} requested with ${domainFromToken} for discovery`,
+      `allows domain ${allowedIssuer} requested with ${domainFromToken} for discovery`,
       async t => {
-        const allowedDomainSlash = allowedDomain.endsWith('/')
-          ? allowedDomain
-          : `${allowedDomain}/`
-        nock(allowedDomain)
+        const allowedIssuerSlash = allowedIssuer.endsWith('/')
+          ? allowedIssuer
+          : `${allowedIssuer}/`
+        nock(allowedIssuer)
           .get('/.well-known/openid-configuration')
           .reply(200, {
-            issuer: allowedDomain,
-            jwks_uri: `${allowedDomainSlash}.well-known/certs`,
+            issuer: allowedIssuer,
+            jwks_uri: `${allowedIssuerSlash}.well-known/certs`,
           })
-        nock(allowedDomain).get('/.well-known/certs').reply(200, jwks)
+        nock(allowedIssuer).get('/.well-known/certs').reply(200, jwks)
         const getJwks = buildGetJwks({
           providerDiscovery: true,
-          allowedDomains: [allowedDomain],
+          issuersWhitelist: [allowedIssuer],
         })
 
         const [{ alg, kid }] = jwks.keys
@@ -290,7 +290,7 @@ t.test('allowed domains for discovery', async t => {
 
     const getJwks = buildGetJwks({
       providerDiscovery: true,
-      allowedDomains: [domain1, domain2],
+      issuersWhitelist: [domain1, domain2],
     })
 
     const [{ alg, kid }] = jwks.keys
@@ -302,7 +302,7 @@ t.test('allowed domains for discovery', async t => {
   t.test('forbids domain outside of the allow list', async t => {
     const getJwks = buildGetJwks({
       providerDiscovery: true,
-      allowedDomains: ['https://example.com/'],
+      issuersWhitelist: ['https://example.com/'],
     })
 
     const [{ alg, kid }] = jwks.keys