diff --git a/src/pages/docs/auth/token/index.mdx b/src/pages/docs/auth/token/index.mdx index cc6b68251f..5cdb2c7243 100644 --- a/src/pages/docs/auth/token/index.mdx +++ b/src/pages/docs/auth/token/index.mdx @@ -245,8 +245,8 @@ If you have an existing [JWT](https://jwt.io/) authentication system, you can em ### Requirements -* The embedded token must be an Ably Token (not a JWT). -* The embedded token is included under the `x-ably-token` key in the [JOSE Header](https://tools.ietf.org/html/rfc7519), or if using JWS, in the payload claims. +* The embedded token can be an [Ably JWT](/docs/api/rest-sdk/authentication#ably-jwt) or an Ably Token. +* Include the token under the `x-ably-token` key in the [JOSE Header](https://tools.ietf.org/html/rfc7519). If the outer JWT is an unencrypted JWS, you can alternatively include it as an `x-ably-token` claim in the payload. * The expiry time of the embedded token must not be earlier than the outer JWT's expiry time (`exp` claim). Ably will reject any JWT if it is unencrypted and its `exp` claim is later than the expiry of the enclosed token. ### When to use