Receiving id_token as RS256 instead of HS256

I am trying to get id_token and access_token by using the implicit grant type:

https://<my_tenant><my_audience>&response_type=id_token token&client_id=<my_client_id>&redirect_uri=http://localhost:3000/auth0-user&nonce=abc&state=123&scope=openid profile email

I have set the application to use HS256 by making it “OIDC incompliant”.
The audience parameter and its corresponding API setting has also been set to use the HS256 signing algo.

But when I receive the response, the access_token is in HS256 as expected but id_token is always RS256 signed.

How can I get id token in HS256?

Hey there @alphatreader!

Can you tell me or perfectly share the screenshot where you’re setting the signing algorithm?

Here are the application settings:

And here is the API setting:

Thanks! I must have missed your last message. Let me discuss it with the engineering team why it might be behaving this way.