From b2354e5aed793ae168f4dc36c045417e1e3d8c0c Mon Sep 17 00:00:00 2001
From: Roberto Pommella Alegro <robertoaall@gmail.com>
Date: Wed, 7 Dec 2022 14:50:09 -0300
Subject: [PATCH] Docs: improve bound_audiences documentation for jwt role
 (#18265)

---
 website/content/api-docs/auth/jwt.mdx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/website/content/api-docs/auth/jwt.mdx b/website/content/api-docs/auth/jwt.mdx
index a2901f6077..5ea46200ed 100644
--- a/website/content/api-docs/auth/jwt.mdx
+++ b/website/content/api-docs/auth/jwt.mdx
@@ -111,7 +111,8 @@ entities attempting to login. At least one of the bound values must be set.
 - `name` `(string: <required>)` - Name of the role.
 - `role_type` `(string: <optional>)` - Type of role, either "oidc" (default) or "jwt".
 - `bound_audiences` `(array: <optional>)` - List of `aud` claims to match against.
-  Any match is sufficient. Required for "jwt" roles, optional for "oidc" roles.
+  Any match is sufficient. For "jwt" roles, at least one of `bound_audiences`, `bound_subject`,
+  `bound_claims` or `token_bound_cidrs` is required. Optional for "oidc" roles.
 - `user_claim` `(string: <required>)` - The claim to use to uniquely identify
   the user; this will be used as the name for the Identity entity alias created
   due to a successful login. The claim value must be a string.