diff --git a/docs/pages/reference/configuration/config.mdx b/docs/pages/reference/configuration/config.mdx index ac15f4f409be0..e84e81d593b34 100644 --- a/docs/pages/reference/configuration/config.mdx +++ b/docs/pages/reference/configuration/config.mdx @@ -1079,18 +1079,14 @@ environment documentation][ref-exec-environment-globals]. ### `check_auth` -Used in both REST and WebSockets API. +Used in the [REST API][ref-rest-api]. Default implementation parses the [JSON +Web Token][link-jwt] in the `Authorization` header, verifies it, and sets its +payload to the `securityContext`. [Read more][ref-sec-ctx] about JWT generation. Called on each request. -Default implementation parses [JSON Web Token (JWT)][link-jwt] in `Authorization` -header and sets payload to `securityContext` if it's verified. More -information on how to generate these tokens is [here][ref-sec-ctx]. - -You can return object with `securityContext: userContextObj` field inside the middleware -if you want to customize [`SECURITY_CONTEXT`][ref-schema-cube-ref-ctx-sec-ctx]. - -Also, in JS config you can set it directly in request object. +You can return an object with the `securityContext` field if you want to +customize [`SECURITY_CONTEXT`][ref-schema-cube-ref-ctx-sec-ctx]. You can use empty `check_auth` function to disable built-in security or raise an exception to fail the authentication check. @@ -1106,8 +1102,8 @@ def check_auth(ctx: dict, token: str) -> None: if token == 'my_secret_token': return { - "securityContext": { - "user_id": 42 + 'securityContext': { + 'user_id': 42 } } @@ -1118,7 +1114,11 @@ def check_auth(ctx: dict, token: str) -> None: module.exports = { checkAuth: ({ securityContext }, token) => { if (token === 'my_secret_token') { - return; + return { + securityContext: { + user_id: 42 + } + } } throw new Error('Access denied');
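Review bot: The Python example's signature, visible in the second hunk's header as `def check_auth(ctx: dict, token: str) -> None:`, is annotated as returning nothing, yet the body in that hunk returns a dict carrying `securityContext`. Readers copy this snippet, so the annotation should match what it returns, for example `def check_auth(ctx: dict, token: str) -> dict:`. The function starts above the hunk and its end is outside it, so only the visible `return` path can be checked here.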
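Review bot: The JavaScript example in the last hunk now maps one hard-coded string to a fixed identity (`user_id: 42`) through `token === 'my_secret_token'`, and the surrounding prose implies that a custom `checkAuth` replaces the default JWT verification, so a copied snippet leaves a single shared secret as the only check. I would add a comment on the comparison line such as `// Placeholder only: verify a signed token here; if comparing secrets, use crypto.timingSafeEqual` so the literal is not read as a recommended pattern. The Python example in the previous hunk has the same comparison, where `hmac.compare_digest` is the equivalent. As a style point, the destructured `securityContext` parameter is unused and the new `return { … }` lacks the trailing semicolon the rest of the snippet uses. The `module.exports` object continues past the end of the hunk.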