Custom HS256 signing secret

Is it possible to change or specify the signing secret to be used with HS256 signing algorithm?

This question appears to have been asked previously in "Changing API Signing Secret"; however, it doesn't appear as though it was ever answered before being closed.

Hey there!

Judging by this doc it seems that it’s possible:

However, we do recommend using RS256.

Hey, thanks for the reply,

Indeed, after digging around a bit, I found a way where it seems possible to set the signing secret.
I haven't managed to find a way to set it via the dashboard; however, the Management API docs offer an endpoint to achieve this: Auth0 Management API v2

It seems Resource Server is the Management API's terminology for an API.
You can patch the signing secret using this endpoint, though, and set the algorithm to be used as well.

I haven't managed to test this properly yet as I'm having a few issues with my Management API access_token, but this seems to be the way to do it.

1 Like
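The approach described in the post above, as an added example that is not part of the original thread or Auth0's own code: it builds (without sending) the PATCH request against the resource-servers endpoint and then checks an HS256 token against the same secret locally. The body fields `signing_alg` and `signing_secret` are taken from the Management API v2 schema rather than from this page; the tenant domain, API id and management token are placeholders, and using the secret as raw UTF-8 key bytes is an assumption.

```python
import base64, hashlib, hmac, json, secrets, urllib.request

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_secret() -> str:
    # 32 random bytes (256 bits), hex-encoded: matches the HS256 output size.
    return secrets.token_hex(32)

def build_patch(tenant_domain, api_id, mgmt_token, secret):
    """Build, without sending, the PATCH that sets HS256 and the secret."""
    if len(secret) < 32:  # refuse short, guessable secrets
        raise ValueError("signing secret too short for HS256")
    body = json.dumps({"signing_alg": "HS256", "signing_secret": secret})
    return urllib.request.Request(
        f"https://{tenant_domain}/api/v2/resource-servers/{api_id}",
        data=body.encode(), method="PATCH",
        headers={"Authorization": f"Bearer {mgmt_token}",
                 "Content-Type": "application/json"})

def sign_hs256(claims: dict, secret: str) -> str:
    """Constructed stand-in for a token issued for the API (local test only)."""
    signing_input = ".".join(
        b64url(json.dumps(part).encode())
        for part in ({"alg": "HS256", "typ": "JWT"}, claims))
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return f"{signing_input}.{b64url(mac.digest())}"

def verify_hs256(token: str, secret: str):
    """Return the claims if alg is HS256 and the MAC matches, else None."""
    try:
        head, payload, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        mac = hmac.new(secret.encode(), f"{head}.{payload}".encode(), hashlib.sha256)
        if not hmac.compare_digest(mac.digest(), b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(payload))
    except ValueError:  # malformed segments, bad base64 or bad JSON
        return None

if __name__ == "__main__":
    s = new_secret()
    req = build_patch("TENANT.example", "API_ID_PLACEHOLDER", "MGMT_TOKEN_PLACEHOLDER", s)
    print(req.get_method(), req.full_url, verify_hs256(sign_hs256({"sub": "u1"}, s), s))
```

`verify_hs256` checks only the algorithm and the MAC; a real API would also validate `exp`, `iss` and `aud` before accepting the claims.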

Glad you have found it, and thanks for sharing with the rest of the community!