JWT Signing algorithms supported by Okta?

Does anyone know what algorithms are supported by Okta for signing JWTs as part of an OIDC login?

We are signing the JWTs with RS256, but I’ve seen a couple references that only HS256 is required to be implemented for OIDC. I’m wondering if Okta just hasn’t implemented the “recommended” functionality as part of the JWT RFC and instead just did the “required” pieces which would necessitate HMAC SHA-256 (HS256) as the signing algorithm.

The error message we’re getting is “INVALID_SOCIAL_TOKEN” and “Could not acquire access token from authorization code”. We’ve traced it down to something with the JWT, but don’t know what. We could be way off base too - we’re kind of flying blind here.


Hi @danfrye,

Okta uses RS256 to sign id token and access token.

To troubleshoot the error that you receive, could you create a Support case with Okta or email developers@okta.com with the required logs and screen shots for further troubleshooting ?

Thanks for the info re: RS256. We’ll open a support case.