JWT Signing algorithms supported by Okta?

danfrye · February 11, 2021, 8:54pm

Does anyone know what algorithms are supported by Okta for signing JWTs as part of an OIDC login?

We are signing the JWTs with RS256, but I’ve seen a couple references that only HS256 is required to be implemented for OIDC. I’m wondering if Okta just hasn’t implemented the “recommended” functionality as part of the JWT RFC and instead just did the “required” pieces which would necessitate HMAC SHA-256 (HS256) as the signing algorithm.

The error message we’re getting is “INVALID_SOCIAL_TOKEN” and “Could not acquire access token from authorization code”. We’ve traced it down to something with the JWT, but don’t know what. We could be way off base too - we’re kind of flying blind here.

Dan

gpadma · February 11, 2021, 9:34pm

Hi @danfrye,

Okta uses RS256 to sign id token and access token.

To troubleshoot the error that you receive, could you create a Support case with Okta or email developers@okta.com with the required logs and screen shots for further troubleshooting ?

danfrye · February 11, 2021, 10:42pm

Thanks for the info re: RS256. We’ll open a support case.

system · January 26, 2024, 6:54pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Change JWT from RS256 to ES256 OAuth/OIDC	3	45	April 8, 2025
Custom authorization server - change signing algorithm? OAuth/OIDC	2	1311	March 27, 2024
Signature validation on Request JWT in OAuth2.0 /authorize operation OAuth/OIDC	2	5184	March 8, 2018
Invalid signature in Access and Id Token OAuth/OIDC	7	24438	March 15, 2019
JWT token always has invalid signature OAuth/OIDC	4	7876	August 19, 2022

JWT Signing algorithms supported by Okta?

Related topics