From 655fdd345caa4c79672f17989e39cacfa6f0f042 Mon Sep 17 00:00:00 2001
From: forstisabella <92472883+forstisabella@users.noreply.github.com>
Date: Fri, 25 Apr 2025 10:59:42 -0400
Subject: [PATCH 1/2] pausing while I wait to hear from eng

---
 src/connections/oauth.md | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/connections/oauth.md b/src/connections/oauth.md
index 219b99ea67..5900aec102 100644
--- a/src/connections/oauth.md
+++ b/src/connections/oauth.md
@@ -73,6 +73,7 @@ Access tokens are only valid within a region. The supported regional authorizati
 
 To obtain the access token:
 
+1. Create a node or shell script
 1. Create a JWT token with the header and payload as below:
 
     Header
@@ -98,12 +99,13 @@ To obtain the access token:
 
     Field | Description 
     ------------ | -------------
-    KID | The key ID of the public key in the OAuth application.
-    ISS | The identifier of the JWT issuer.
-    SUB | The OAuth application ID. 
-    IAT | The epoch time in seconds when the token was issued. 
-    EXP | The expiry time in seconds. This is expected to be valid only for a short duration under a minute. 
-    JTI | The unique identifer for the token. 
+    KID | The key ID of the public key in the OAuth application. You can find this value in the Overview tab of the OAuth app you created in the Segment app. 
+    ISS | The identifier of the JWT issuer. This value is `https://oauth2.segment.io` if you're located in the US, or `https://oauth2.eu1.segmentapis.com` if you're located in the EU. 
+    SUB | The OAuth application ID. You can find this value in the Overview tab of the OAuth app you created in the Segment app.
+    AUD | The intended recipient of the token. This value is `https://oauth2.segment.io` if you're located in the US, or `https://oauth2.eu1.segmentapis.com` if you're located in the EU. 
+    IAT | (_Optional_) The epoch time in seconds when the token was issued. This is typically set to the current time using `math.floor(Date.now() / 1000)`.
+    EXP | The expiry time of a token, measured in seconds. Tokens are expected to be valid for less than sixty seconds. You can set the expiry of a token using `math.floor(Date.now() / 1000) + 60`. 
+    JTI | (_Optional_) A case-sensitive string that acts as a [unique identifer for the token](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7){:target="_blank”}.
 
 2. Send a form-url-encoded `POST` request to the regional authorization server's `\token` route with the following parameters:
     

From 3342ad169b6e695ad194f7b7113bbf3a041534a1 Mon Sep 17 00:00:00 2001
From: forstisabella <92472883+forstisabella@users.noreply.github.com>
Date: Tue, 29 Apr 2025 09:32:13 -0400
Subject: [PATCH 2/2] update optional fields

---
 src/connections/oauth.md | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/connections/oauth.md b/src/connections/oauth.md
index 5900aec102..80531c8cdb 100644
--- a/src/connections/oauth.md
+++ b/src/connections/oauth.md
@@ -97,15 +97,17 @@ To obtain the access token:
     }
     ```
 
+    Unless otherwise specified, all fields are mandatory. 
+
     Field | Description 
     ------------ | -------------
-    KID | The key ID of the public key in the OAuth application. You can find this value in the Overview tab of the OAuth app you created in the Segment app. 
-    ISS | The identifier of the JWT issuer. This value is `https://oauth2.segment.io` if you're located in the US, or `https://oauth2.eu1.segmentapis.com` if you're located in the EU. 
-    SUB | The OAuth application ID. You can find this value in the Overview tab of the OAuth app you created in the Segment app.
+    KID | The key ID of the public key in the OAuth application. You can find this value in the Segment app by navigating to the Access Management tab and selecting the OAuth app you created. On the Overview tab for your OAuth app, you'll find your Key ID.  
+    ISS | _(Optional)_  The identifier of the JWT issuer. This value is `https://oauth2.segment.io` if you're located in the US, or `https://oauth2.eu1.segmentapis.com` if you're located in the EU. 
+    SUB | The OAuth application ID. You can find this value in the Segment app by navigating to the Access Management tab and selecting the OAuth app you created. On the Overview tab for your OAuth app, you'll find your application ID under **App ID**.
     AUD | The intended recipient of the token. This value is `https://oauth2.segment.io` if you're located in the US, or `https://oauth2.eu1.segmentapis.com` if you're located in the EU. 
-    IAT | (_Optional_) The epoch time in seconds when the token was issued. This is typically set to the current time using `math.floor(Date.now() / 1000)`.
+    IAT | The epoch time in seconds when the token was issued. This is typically set using `math.floor(Date.now() / 1000)`.
     EXP | The expiry time of a token, measured in seconds. Tokens are expected to be valid for less than sixty seconds. You can set the expiry of a token using `math.floor(Date.now() / 1000) + 60`. 
-    JTI | (_Optional_) A case-sensitive string that acts as a [unique identifer for the token](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7){:target="_blank”}.
+    JTI | A case-sensitive string that acts as a [unique identifer for the token](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7){:target="_blank”}. Segment recommends setting this value with a UUID format to avoid duplicate values between tokens. 
 
 2. Send a form-url-encoded `POST` request to the regional authorization server's `\token` route with the following parameters: