diff xml/en/docs/http/ngx_http_auth_jwt_module.xml @ 2304:f4b9660316c5

Updated docs for the upcoming NGINX Plus release.
author Ruslan Ermilov <ru@nginx.com>
date Mon, 10 Dec 2018 12:35:00 +0300
parents 231cad90a823
children 183c16ce60d0
--- a/xml/en/docs/http/ngx_http_auth_jwt_module.xml	Fri Dec 07 15:18:06 2018 +0300
+++ b/xml/en/docs/http/ngx_http_auth_jwt_module.xml	Mon Dec 10 12:35:00 2018 +0300
@@ -9,7 +9,7 @@
 <module name="Module ngx_http_auth_jwt_module"
         link="/en/docs/http/ngx_http_auth_jwt_module.html"
         lang="en"
-        rev="7">
+        rev="8">
 
 <section id="summary">
 
@@ -38,7 +38,7 @@
 
 <para>
 The module supports the following cryptographic
-<link url="https://tools.ietf.org/html/rfc7518#section-3.1">algorithms</link>:
+<link url="https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms">algorithms</link>:
 
 <list type="bullet">
 
@@ -54,6 +54,10 @@
 ES256, ES384, ES512
 </listitem>
 
+<listitem>
+EdDSA (Ed25519 and Ed448 signatures) (1.15.7)
+</listitem>
+
 </list>
 
 Prior to version 1.13.7,
@@ -190,6 +194,45 @@
 </directive>
 
 
+<directive name="auth_jwt_key_request">
+<syntax><value>uri</value></syntax>
+<default/>
+<context>http</context>
+<context>server</context>
+<context>location</context>
+<context>limit_except</context>
+<appeared-in>1.15.6</appeared-in>
+
+<para>
+Allows retrieving a
+<link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link>
+file from a subrequest for validating JWT signature and
+sets the URI where the subrequest will be sent to.
+To avoid validation overhead,
+it is recommended to cache the key file:
+<example>
+proxy_cache_path /data/nginx/cache levels=1 keys_zone=foo:10m;
+
+server {
+    ...
+
+    location / {
+        auth_jwt             "closed site";
+        auth_jwt_key_request /jwks_uri;
+    }
+
+    location = /jwks_uri {
+        internal;
+        proxy_cache foo;
+        proxy_pass  http://idp.example.com/keys;
+    }
+}
+</example>
+</para>
+
+</directive>
+
+
 <directive name="auth_jwt_leeway">
 <syntax><value>time</value></syntax>
 <default>0s</default>
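Review bot: The example added for `auth_jwt_key_request` retrieves the signing keys with `proxy_pass http://idp.example.com/keys;`, so the key set crosses the network unauthenticated and an on-path party could substitute its own keys, after which tokens signed with them would pass validation. Because readers tend to copy this block verbatim, I would show `proxy_pass https://idp.example.com/keys;` together with `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate` line. Separately, `proxy_cache foo;` on its own stores the response only when the upstream sends caching headers, so adding something like `proxy_cache_valid 200 12h;` would make the recommended caching take effect regardless. The paragraph could also note that the cache validity period bounds how long a rotated or revoked key remains trusted.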