How to create a client with management API that uses RS256 as signing algorithm

When creating a client using the management API, the signing algorithm is set to HS256 by default. I can’t find a way to set the signing to RS256 using either the create client or update client calls.

Is it possible to do this?

Hey there @SamTolmay!

I’m searching that for you now. Will get back here shortly!

Can you tell me what stack you use? Thank you!

I’m not able to find anything about changing the signing algorithm for the Management API in our docs.

Thank you @konrad.sopala

I am using axios in node to make the api requests.

Is there any possible alternative to set the signing algorithm? Its impractical for us to log in to the web app and set each client manually

Hey there!

There is no word about automating that process using the Management API and the dashboard and doing it manually seems to be the only way for now. I highly encourage you to place such feature request for our product team using our product feedback form. You should be contacted within 10 business days regarding that:

Thanks, I will submit a request

When creating a client using the management API, the signing algorithm is set to HS256 by default.

You are talking about the access token that you use to make the request against the Management API, is that right?

What OAuth2 grant type are you using? I assume Client Credentials Grant?

When I test it just now and fetch an access token for the Management API, it’s RS256 for me.

Also, when you go to the Dashboard > APIs > Auth0 Management API, you should see that it’s set to RS256, is that not the case?

Hi @mathiasconradt

The credentials I receive using client credentials grant are also signed using RS256.

The issue is that new clients that I create using the Management API are configured to use HS256 by default, and I cannot configure this using the API.

This is an issue since I need the clients to authenticate using a generic OpenId Connect library, which expects a RS256 signed token and uses the the clients discovery endpoint to get the client’s public key.

I see.

When you create the client, what’s the request payload? I haven’t tested it myself, but does adding this in the payload not work (as said, not tested it myself, more of a question / worth a try)?

    "jwt_configuration": {
      "alg": "RS256",
      "lifetime_in_seconds": 36000,
      "secret_encoded": false
    },
1 Like

Thank you, that works.

Neither me nor Konrad were able to find the jwt_configuration option in the docs. Would it possible to update the documentation to document this?

1 Like

Would it possible to update the documentation to document this?

The problem is that the docs, especially the samples in there, are not complete, they’re not a complete reflection of the underlying data schema / model.

I’ve already taken this to the product team and created a ticket about this (in general, not just about the particular API endpoint).