From 3951155cf3bddea1cd4b7b1d3958870be3136939 Mon Sep 17 00:00:00 2001
From: Marcelo Soares <marcelo.me.soares@gmail.com>
Date: Mon, 18 May 2026 22:03:34 -0300
Subject: [PATCH] feat: Document the support of HMAC SHA-256 JWT signing
 algorithm

---
 docs/06-concepts/11-authentication/01-setup.md         |  2 +-
 .../05-token-managers/02-jwt-token-manager.md          | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/docs/06-concepts/11-authentication/01-setup.md b/docs/06-concepts/11-authentication/01-setup.md
index 2198def1..36ea4dfc 100644
--- a/docs/06-concepts/11-authentication/01-setup.md
+++ b/docs/06-concepts/11-authentication/01-setup.md
@@ -47,7 +47,7 @@ void run(List<String> args) async {
       JwtConfig(
         // Pepper used to hash the refresh token secret.
         refreshTokenHashPepper: pod.getPassword('jwtRefreshTokenHashPepper')!,
-        // Algorithm used to sign the tokens (`hmacSha512` or `ecdsaSha512`).
+        // Algorithm used to sign the tokens (`hmacSha512`, `hmacSha256` or `ecdsaSha512`).
         algorithm: JwtAlgorithm.hmacSha512(
           // Private key to sign the tokens. Must be a valid HMAC SHA-512 key.
           SecretKey(pod.getPassword('jwtHmacSha512PrivateKey')!),
diff --git a/docs/06-concepts/11-authentication/05-token-managers/02-jwt-token-manager.md b/docs/06-concepts/11-authentication/05-token-managers/02-jwt-token-manager.md
index 2ef2a22e..3959ea30 100644
--- a/docs/06-concepts/11-authentication/05-token-managers/02-jwt-token-manager.md
+++ b/docs/06-concepts/11-authentication/05-token-managers/02-jwt-token-manager.md
@@ -57,7 +57,7 @@ Finally, run `serverpod generate` to generate the client code and expose the end
 
 #### Token Algorithms
 
-There are two supported token algorithms:
+There are three supported token algorithms:
 
 - **HMAC SHA-512**: Use HMAC SHA-512 for symmetric key signing.
 
@@ -67,6 +67,14 @@ There are two supported token algorithms:
     ),
     ```
 
+- **HMAC SHA-256**: Use HMAC SHA-256 for symmetric key signing.
+
+    ```dart
+    algorithm: JwtAlgorithm.hmacSha256(
+      SecretKey(pod.getPassword('authenticationTokenPrivateKey')!),
+    ),
+    ```
+
 - **ECDSA SHA-512**: Use ECDSA SHA-512 for asymmetric key signing.
 
     ```dart