Auth0 Home Blog Docs

JWT.IO should track PS family support across libraries


#1 tracks the HS, RS, and ES families, but does not track usage of PS (RSASSA-PSS) certificates.

This encryption family is important because while it has less market penetration today, support is required for the OpenID Foundation’s FAPI specification. This is in active use across the UK with the Open Banking project overseeing the 9 largest UK banks building standard APIs. Even if parties choose to opt for the ES family, banks must support both families to have a within-spec implementation.

In general, some parties feel that the PS family offers higher security guarantees over RS due to the use of RSA-PSS over PKCS1-v1_5 - the specifics of that debate are a separate topic but one would expect that debate to continue which would drive adoption to PS.


I obviously meant to say “signatures” not “certificates” in the first line there, apologies :grinning:


I agree that PS256 is becoming vital - it would be great if could cover this.


This would be a good thing to submit to our product feedback process at


Thanks, I’ve submitted a recommendation. I was unsure if was in scope for that form, but thanks for clarifying.