From 69e79373640b5cd7d726b07804546d803bcbe3fc Mon Sep 17 00:00:00 2001 From: Karl Kemister-Sheppard Date: Fri, 29 May 2026 09:43:59 +1000 Subject: [PATCH] DOC-3519: Add Cloud vs On-Premises callout to AI JWT page Add a NOTE admonition to the Cloud JWT authentication page clarifying that it applies to Cloud-hosted AI only, with the key differences in aud claim and signing algorithm, and a cross-link to the on-premises JWT page. --- modules/ROOT/pages/tinymceai-jwt-authentication-intro.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/ROOT/pages/tinymceai-jwt-authentication-intro.adoc b/modules/ROOT/pages/tinymceai-jwt-authentication-intro.adoc index 8c09352e26..8ca1a8a0de 100644 --- a/modules/ROOT/pages/tinymceai-jwt-authentication-intro.adoc +++ b/modules/ROOT/pages/tinymceai-jwt-authentication-intro.adoc @@ -9,6 +9,11 @@ {pluginname} requires JWT (JSON Web Token) authentication when using the {cloudname} service. JWT authentication provides secure, user-specific access to {pluginname} features. Each JWT token contains claims that identify the user and specify which AI features they can access. +[NOTE] +==== +This page covers JWT authentication for the *{cloudname}-hosted* AI service, where the `aud` claim is set to the Tiny Cloud API key and tokens are signed with RS256. For on-premises deployments, the `aud` claim is the Environment ID from the Management Panel and tokens are signed with HS256. See xref:tinymceai-on-premises-jwt.adoc[JWT authentication for the on-premises AI service]. +==== + {productname} recommends using the libraries listed on link:https://www.jwt.io/libraries[jwt.io/libraries] to create JWT tokens. These libraries support the algorithms required by {pluginname}. For details on supported algorithms, see xref:#supported-algorithms[Supported Algorithms]. [[trial-demo-identity-service]]