diff --git a/docs/site/Loopback-component-authentication.md b/docs/site/Loopback-component-authentication.md
index 45a14b17afe4..5333cfdf5c79 100644
--- a/docs/site/Loopback-component-authentication.md
+++ b/docs/site/Loopback-component-authentication.md
@@ -160,6 +160,9 @@ export class WhoAmIController {
}
```
+{% include note.html content="If only some of the controller methods are decorated with the @authenticate decorator, then the injection decorator for CURRENT_USER in the controller's constructor must be specified as @inject(AuthenticationBindings.CURRENT_USER, {optional:true}) to avoid a binding error when an unauthenticated endpoint is accessed. Alternatively, do not inject CURRENT_USER in the controller constructor, but in the controller methods which are actually decorated with the @authenticate decorator. See [Method Injection](Dependency-injection.md#method-injection), [Constructor Injection](Dependency-injection.md#constructor-injection) and [Optional Dependencies](Dependency-injection.md#optional-dependencies) for details.
+" %}
+
An example of the decorator when options **are** specified looks like this:
```ts
diff --git a/docs/site/decorators/Decorators_authenticate.md b/docs/site/decorators/Decorators_authenticate.md
index 40493e2a04f2..d8d59c6bce4f 100644
--- a/docs/site/decorators/Decorators_authenticate.md
+++ b/docs/site/decorators/Decorators_authenticate.md
@@ -40,5 +40,8 @@ export class WhoAmIController {
}
```
+{% include note.html content="If only some of the controller methods are decorated with the @authenticate decorator, then the injection decorator for CURRENT_USER in the controller's constructor must be specified as @inject(AuthenticationBindings.CURRENT_USER, {optional:true}) to avoid a binding error when an unauthenticated endpoint is accessed. Alternatively, do not inject CURRENT_USER in the controller constructor, but in the controller methods which are actually decorated with the @authenticate decorator. See [Method Injection](../Dependency-injection.md#method-injection), [Constructor Injection](../Dependency-injection.md#constructor-injection) and [Optional Dependencies](../Dependency-injection.md#optional-dependencies) for details.
+" %}
+
For more information on authentication with LoopBack, visit
[here](../Loopback-component-authentication.md).
diff --git a/docs/site/tutorials/authentication/Authentication-Tutorial.md b/docs/site/tutorials/authentication/Authentication-Tutorial.md
index d10c96c2cfcd..e73880441ec5 100644
--- a/docs/site/tutorials/authentication/Authentication-Tutorial.md
+++ b/docs/site/tutorials/authentication/Authentication-Tutorial.md
@@ -231,6 +231,9 @@ a user can print out his/her user profile by performing a `GET` request on the
// ...
```
+{% include note.html content="Since this controller method is obtaining CURRENT_USER via [method injection](../../Dependency-injection.md#method-injection) (instead of [constructor injection](../../Dependency-injection.md#constructor-injection)) and this method is decorated with the @authenticate decorator, there is no need to specify @inject(AuthenticationBindings.CURRENT_USER, {optional:true}). See [Using the Authentication Decorator](../../Loopback-component-authentication.md#using-the-authentication-decorator) for details.
+" %}
+
The `/users/me` endpoint is decorated with
```ts