Create JWT using RS256 with jwt.sign

I need to create a JWT using RS256 in one of my rules. For whatever reason my .NET Core web API won’t take a JWT signed with HS256… Is this possible inside of a rule? I assume it has to be, since using the RS256 algorithm is recommended for JWTs.

The easiest way for you to accomplish that is by performing a client credentials grant from the rule itself. You would represent the API within Auth0 and configure it so that RS256 tokens are issued to it, then you would authorize a suitable client application to perform a client credentials grant.

Finally, you could then do the following from a rule:

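function (user, context, callback) {
  var request = require("request");

  // Client credentials grant against the tenant's token endpoint
  var options = {
    method: 'POST',
    url: 'https://[your_account].auth0.com/oauth/token',
    headers: { 'content-type': 'application/json' },
    body: {
      grant_type: 'client_credentials',
      client_id: '[your_cc_client_id]',
      client_secret: '[your_cc_client_secret]',
      audience: '[your_api_identifier]'
    },
    json: true
  };

  request(options, function (error, response, body) {
    if (error) return callback(error);

    // A rejected grant (bad credentials, unauthorized client) is not a transport error,
    // so check the status and the token before using it
    if (response.statusCode !== 200 || !body || !body.access_token) {
      return callback(new Error('Token request failed with status ' + response.statusCode));
    }

    // Call API with body.access_token...

    callback(null, user, context);
  });
}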

hi @jmangelo,

I’ll give this a try shortly and if it works I’ll accept your answer :).

Thanks!

Is there another method of producing RS256 tokens which are signed by Auth0 within a rule?
The problem with the above is that it (1) sets the audience to the API rather than the clientID and (2) does not allow any private claims to be declared.

The signing with the same certificate by Auth0 would imply access to the private key from the rule and that is something that is not available.

Hi, I’m also still looking into a way to use RS256 encoding with a certificate. Did you find a way?