diff --git a/docs/my-website/docs/proxy/token_auth.md b/docs/my-website/docs/proxy/token_auth.md
new file mode 100644
index 000000000..fc2ff480b
--- /dev/null
+++ b/docs/my-website/docs/proxy/token_auth.md
@@ -0,0 +1,42 @@
+# [BETA] JWT-based Auth
+
+Use JWT's to auth admin's into the proxy.
+
+:::info
+
+This is a new feature, and subject to changes based on feedback.
+
+:::
+
+## Step 1. Set env's
+
+```bash
+export JWT_PUBLIC_KEY_URL="" # "http://localhost:8080/realms/test-litellm-proxy/protocol/openid-connect/certs"
+export JWT_ISSUER="" # http://localhost:8080/realms/test-litellm-proxy
+```
+
+## Step 2. Create JWT with scopes
+
+Create a client scope called `litellm_proxy_admin` in your OpenID provider (e.g. Keycloak).
+
+Grant your user, `litellm_proxy_admin` scope when generating a JWT.
+
+```bash
+curl --location 'http://{base_url}/realms/{your-realm}/protocol/openid-connect/token' \
+--header 'Content-Type: application/x-www-form-urlencoded' \
+--data-urlencode 'client_id={CLIENT_ID}' \
+--data-urlencode 'client_secret={CLIENT_SECRET}' \
+--data-urlencode 'username=test-{USERNAME}' \
+--data-urlencode 'password={USER_PASSWORD}' \
+--data-urlencode 'grant_type=password' \
+--data-urlencode 'scope=litellm_proxy_admin' # 👈 grant this scope
+```
+
+## Step 3. Create a proxy key with JWT
+
+```bash
+curl --location '{proxy_base_url}/key/generate' \
+--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiI...' \
+--header 'Content-Type: application/json' \
+--data '{}'
+```
\ No newline at end of file
diff --git a/docs/my-website/sidebars.js b/docs/my-website/sidebars.js
index 7edede699..ad659380f 100644
--- a/docs/my-website/sidebars.js
+++ b/docs/my-website/sidebars.js
@@ -43,6 +43,7 @@ const sidebars = {
 "proxy/ui",
 "proxy/budget_alerts",
 "proxy/cost_tracking",
+ "proxy/token_auth",
 {
 "type": "category",
 "label": "🔥 Load Balancing",
diff --git a/litellm/proxy/auth/handle_jwt.py b/litellm/proxy/auth/handle_jwt.py
index 0276d2bef..108231df6 100644
--- a/litellm/proxy/auth/handle_jwt.py
+++ b/litellm/proxy/auth/handle_jwt.py
@@ -111,4 +111,4 @@ class JWTHandler:
 except Exception as e:
 raise Exception(f"Validation fails: {str(e)}")
- raise jwt.InvalidKeyError
+ raise Exception("Invalid JWT Submitted")
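Review bot: The added `raise Exception("Invalid JWT Submitted")` swaps a typed PyJWT error for a bare `Exception`, so the caller can only tell a rejected token from an unrelated internal failure by matching on the message string. A typed error such as `raise jwt.InvalidTokenError("Invalid JWT Submitted")`, or a proxy-specific auth exception, would let the auth layer map it to a 401 and log it as an authentication failure. The context line `raise Exception(f"Validation fails: {str(e)}")` has the same problem and also drops the exception chain, which `from e` would keep. If that message is returned to the client, confirm that the validation detail it carries is acceptable to expose. The method starts outside the hunk, so how callers translate these errors is not visible here.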