Is it possible to change or specify the signing secret to be used with HS256 signing algorithm?
This question appears to have been asked previously Changing API Signing Secret however it doesn’t appear as though it was ever answered before being closed.
Judging by this doc it seems that it’s possible:
however we do recommend using RS256
Hey, thanks for the reply,
Indeed after digging around a bit I found a way where it seems possible to set the signing secret.
I haven’t managed to find a way to set via the dashboard however the Management Api docs offer an endpoint to achieve this: https://auth0.com/docs/api/management/v2#!/Resource_Servers/patch_resource_servers_by_id
It seems Resource Server is the Management Apis terminology for an API.
You can patch the signing secret using this endpoint though and set the algorithm to be used as well.
I haven’t managed to test this properly yet as I’m having a few issues with my Management Api access_token but this seems to be the way to do it.
Glad you have found it and thanks for sharing with the rest of community!