Does anyone know what algorithms are supported by Okta for signing JWTs as part of an OIDC login?
We are signing the JWTs with RS256, but I’ve seen a couple references that only HS256 is required to be implemented for OIDC. I’m wondering if Okta just hasn’t implemented the “recommended” functionality as part of the JWT RFC and instead just did the “required” pieces which would necessitate HMAC SHA-256 (HS256) as the signing algorithm.
The error message we’re getting is “INVALID_SOCIAL_TOKEN” and “Could not acquire access token from authorization code”. We’ve traced it down to something with the JWT, but don’t know what. We could be way off base too - we’re kind of flying blind here.