diff --git a/installation/authentication-setup/custom.mdx b/installation/authentication-setup/custom.mdx index 8409f467..71ef9a1a 100644 --- a/installation/authentication-setup/custom.mdx +++ b/installation/authentication-setup/custom.mdx 
@@ -18,17 +18,27 @@ The process is as follows: The requirements are: -1. An RSA key-pair (private + public key) is required to sign and verify JWTs. -2. The JWT must be signed using the RS256, RS384 or RS512 algorithm with the private key. -3. The public key must be available on a public URL in [JWKS](https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets) format. +A key-pair (private + public key) is required to sign and verify JWTs. The private key is used to sign the JWT, +and the public key is advertised on a public JWKS URL. + +Requirements for the key in the JWKS URL: +1. The URL must be a public URL in the [JWKS](https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets) format. 1. We have an example endpoint available [here](https://hlstmcktecziostiaplz.supabase.co/functions/v1/powersync-jwks); ensure that your response looks similar. -4. The `aud` of the JWT must match the PowerSync instance URL. +2. Supported signature schemes: RSA and EdDSA. ECDSA is not supported yet. +3. Key type (`kty`): `RSA` or `OKP` (EdDSA). +4. Algorithm (`alg`): `RS256`, `RS384` or `RS512` for RSA, or `EdDSA` for EdDSA. +5. Curve (`crv`): `Ed25519` or `Ed448`, only relevant for EdDSA. +6. A `kid` must be specified, and must match the `kid` in the JWT. + +Requirements for the signed JWT: +1. The JWT must be signed using a key in the JWKS URL. +2. JWT must have a `kid` matching the key in the JWKS URL. +3. The `aud` of the JWT must match the PowerSync instance URL. 1. To get the instance URL of a PowerSync instance when using PowerSync Cloud: In the project tree on the [PowerSync dashboard](https://powersync.journeyapps.com/), click on the "Copy instance URL" icon. 2. Alternatively, specify a custom audience in the instance settings. -5. The JWT must have a `kid` matching one of the keys in the JWKS URL. -6. The JWT must expire in 60 minutes or less. 
Specifically, both `iat` and `exp` fields must be present, with a difference of 3600 or less between the two. -7. The user ID must be used as the `sub` of the JWT. -8. Additional fields can be added which can be referenced in Sync Rules [parameter queries](/usage/sync-rules/parameter-queries). +4. The JWT must expire in 60 minutes or less. Specifically, both `iat` and `exp` fields must be present, with a difference of 3600 or less between the two. +5. The user ID must be used as the `sub` of the JWT. +6. Additional fields can be added which can be referenced in Sync Rules [parameter queries](/usage/sync-rules/parameter-queries). Refer to [this example](https://github.com/powersync-ja/powersync-jwks-example) for creating and verifying JWTs for PowerSync authentication.
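Review bot: the rewritten "Requirements for the signed JWT" list loses the algorithm constraint that the removed line carried ("The JWT must be signed using the RS256, RS384 or RS512 algorithm with the private key"); new item 1 says only "The JWT must be signed using a key in the JWKS URL", so a reader of that list cannot tell whether the JWT header's `alg` must match the key's `alg` and be one of the values now listed only on the key side (`RS256`, `RS384`, `RS512`, `EdDSA`). Suggest stating it explicitly, e.g. `1. The JWT must be signed using a key in the JWKS URL, and its \`alg\` header must match that key's \`alg\`.` Also, the sub-items "1. We have an example endpoint available ..." (under key requirement 1) and "1. To get the instance URL ... 2. Alternatively, specify a custom audience ..." (under JWT requirement 3) should be indented as nested list items in the MDX so the outer numbering does not restart at 1.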