I’m using a post-login action redirect and attempting to send a session_token as a query param to the redirect URL. With HS, you could use api.redirect.encodeToken while passing in a secret, but what is the equivalent for RS?
When using RS for signatures, it seems that Auth0 handles the private key and signs tokens. If I omit the secret option for api.redirect.encodeToken, I get an error in the browser saying: access_denied (secret must be a string or bufferor a KeyObject).
How can I sign and send a session_token along with my redirect during the action flow?
I understand that you would like to change the signing algorithm for your JWT Web Token.
It seems like you may need to change your signing algorithm on your Application settings from HS256 to RS256. To do so, I recommend checking that your Application settings have set the JSON Web Token (JWT) Signature Algorithm to RS256 under the Advanced Settings at the bottom of the page. Please do not forget to save your changes.
My application is already configured to use RS256 signing algorithm. My issue was using api.redirect.encodeToken when my application is set to use RS256 - however, it seems that this method uses HS256 by default.
Everything works on my end now! Originally, it was unclear whether I had to use an RS256 signing algorithm for this api method.
