Commit f208e63

Security: Remove mentions of deprecated and unsafe Accept JWT signed identities mode for Engage Messaging Web. RD-28451 (#168)
1 parent 34b3cb6 commit f208e63

2 files changed: +1 -4 lines changed

docs/interactions/web-messaging/community.md

-1
@@ -33,7 +33,6 @@ RingCentral Engage Messaging supports registering information about the visitor
3333

3434
The `Signed identities` field configures the handling of those signed identities by the Server:
3535

36-
* **Accept JWT signed identities** : either non-signed and signed information are accepted. This is a flexible mode. It is **not recommended for production**, see details [here](../integration#security).
3736
* **Reject JWT signed identities** : only non-signed information is accepted. This is a strict mode.
3837
* **Require JWT signed identities** : only signed information is accepted. This is a strict secure mode. This is the default value.
3938

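Review bot: Deleting the **Accept JWT signed identities** bullet (old line 36) leaves nothing for an administrator whose community profile is still set to that mode, and it also drops the only link from this list to `../integration#security`. Since the commit title calls the mode deprecated, consider a one-line deprecation note under the list that tells readers to switch to **Require JWT signed identities**, and keep a pointer to the Security section on the **Reject JWT signed identities** bullet, which still accepts only non-signed information.
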
docs/interactions/web-messaging/integration.md

+1-3
@@ -95,7 +95,7 @@ The server in RingCentral Engage currently uses the following JWT extensions:
9595

9696
!!! warning "Required data"
9797
The **“uuid”** key with a valid value is **mandatory** in the JWT payload.
98-
When missing, the JWT will be rejected, a default identity will be used, and, if the **“Require JWT signed identities” JWT mode** is set on the community profile, the chat won't open.
98+
When missing, the JWT will be rejected and the chat won't open.
9999

100100
#### Generation of the JWT
101101

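Review bot: The new line 98 says unconditionally that the chat won't open when "uuid" is missing, while the old text tied that outcome to the "Require JWT signed identities" mode and otherwise fell back to a default identity. community.md still documents a "Reject JWT signed identities" mode, so either state which mode this sentence applies to or confirm that the default-identity fallback is gone in every mode. The warning also asks for a "valid value" but only describes the missing case; say whether an invalid "uuid" is rejected the same way.
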
@@ -145,8 +145,6 @@ This code has to be inserted in the HTML source of the target website. It can be
145145

146146
#### Security
147147

148-
The **“Accept JWT signed identities” JWT mode** is an unsecure mode for production if you are using JWT to set your user's data since it also allows non-signed identities. This mode is **not recommended** when you have a JWT integration.
149-
150148
To be able to share the history cross device between web and mobile, the mobile SDK uses a JWT to authenticate the user through its UUID. But then if you allow non-signed identities on the web, there is a security risk since, without a JWT, identity UUID is not guaranteed to come from your system.
151149

152150
## Custom Variables Integration (optional)
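
Review bot: With old lines 148-149 removed, the Security section no longer recommends any setting: the remaining paragraph at new line 148 only states that allowing non-signed identities on the web is a risk. Add a sentence naming the mode that avoids it (**Require JWT signed identities**, the default according to community.md), and say whether the warning is now meant for the **Reject JWT signed identities** mode, which is the remaining documented mode that takes non-signed information.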
