diff --git a/docs/reference/security/authentication/jwt-realm.asciidoc b/docs/reference/security/authentication/jwt-realm.asciidoc
index 4c9198956d21b..164faa2345db5 100644
--- a/docs/reference/security/authentication/jwt-realm.asciidoc
+++ b/docs/reference/security/authentication/jwt-realm.asciidoc
@@ -294,7 +294,17 @@ token.
 as `HS256`. The algorithm must be in the realm's allow list.
 
 `typ`::
-(Optional, String) Indicates the token type, which must be `JWT`.
+(Optional, String) Indicates the token type.
++
+For an ID token, this must be
++
+ - `JWT`
+
++
+For access tokens, this must be one of
++
+ - `JWT`
+ - `at+jwt`
 
 [[jwt-validation-payload]]
 ===== Payload claims