Change JWT from RS256 to ES256

We have set up JWT with the Authorization Server, but it uses RS256 by default.

How can we set it to use ES256 instead?

At this time, Okta only signs JWTs with RS256, as noted in our docs here.

Hi, but when you run a check it states it can use

  "request_object_signing_alg_values_supported": [
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ],
  "backchannel_authentication_request_signing_alg_values_supported": [
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ],
  "dpop_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ]
}

Those don’t refer to the algorithm Okta uses to sign tokens, but to JWTs sent in requests to Okta and the algorithms we support for those JWTs.

  • The request_object_signing_alg_values_supported refers to the request parameter that can be included in the (front channel) authorization request, which can hold the other parameters required by the Authorization Endpoint. The API docs I’ve linked to even have this line about the request parameter:
    • Okta supports the HMAC, RSA and ECDSA signature algorithms. HMAC signatures require that the client has a token_endpoint_auth_method that uses a client_secret. RSA and ECDSA signatures require that the client registers a public key.

  • Similarly, backchannel_authentication_request_signing_alg_values_supported refers to the request parameter that can be included in a backchannel authentication request, with the same note about algs as for front channel requests.
  • And dpop_signing_alg_values_supported refers to the JWT that an integration generates to complete an OAuth flow using Demonstrating Proof of Possession.
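As an added illustration of the distinction drawn above (example code, not part of the thread or of Okta's own tooling): the discovery document is a constructed sample whose field names follow the OAuth/OIDC discovery metadata spec; `id_token_signing_alg_values_supported` is the field that describes what the server signs, and the helper pins token validation to it rather than to the request-object, backchannel or DPoP lists. The issuer URL and the token built by `make_unsigned_token` are placeholders.

```python
import base64
import json

# Constructed sample discovery document (not fetched from Okta). The three
# client-side lists mirror the ones quoted in the thread; the token-signing list
# reflects the reply that Okta only signs tokens with RS256.
SAMPLE_METADATA = {
    "issuer": "https://issuer.example/oauth2/default",  # placeholder
    "id_token_signing_alg_values_supported": ["RS256"],
    "request_object_signing_alg_values_supported": [
        "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512"],
    "backchannel_authentication_request_signing_alg_values_supported": [
        "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512"],
    "dpop_signing_alg_values_supported": [
        "RS256", "RS384", "RS512", "ES256", "ES384", "ES512"],
}

# Which field governs which JWT. Only the first describes JWTs the server signs;
# the others describe JWTs the client sends to the server.
ALG_FIELDS = {
    "id_token_signing_alg_values_supported": "tokens issued by the server",
    "request_object_signing_alg_values_supported": "request objects sent by the client",
    "backchannel_authentication_request_signing_alg_values_supported": "CIBA requests sent by the client",
    "dpop_signing_alg_values_supported": "DPoP proofs sent by the client",
}

def alg_purposes(metadata, alg):
    """List the purposes for which the issuer advertises `alg`."""
    return [purpose for field, purpose in ALG_FIELDS.items() if alg in metadata.get(field, [])]

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_unsigned_token(header, payload):
    """Compact JWT with a placeholder signature; constructed input for the checks."""
    return f"{_b64url(header)}.{_b64url(payload)}.sig"

def jwt_header(token):
    """Decode the JOSE header of a compact JWT without verifying the signature."""
    seg = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def token_alg_acceptable(metadata, token):
    """True only if the token's alg is one the issuer signs tokens with: pinned to
    id_token_signing_alg_values_supported, since the request-object, CIBA and DPoP
    lists describe client-sent JWTs, and "none" is rejected even if advertised."""
    allowed = set(metadata.get("id_token_signing_alg_values_supported", [])) - {"none"}
    return jwt_header(token).get("alg") in allowed
```

Running `alg_purposes(SAMPLE_METADATA, "ES256")` shows ES256 listed only for client-sent JWTs, which is why a token from this issuer carrying `alg: ES256` is rejected by `token_alg_acceptable`.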
