RS256 is defaulting to HS256 in production

StoicalPirate · July 31, 2021, 3:13am

I’ve built and tested an Azure Static Web App using a Vue frontend and Python APIs. Everything is working well with Auth0 locally, however, now I’m deploying into production I’ve received a really strange issue. It seems that the JWT is defaulting to HS256 rather than RS256.

I’ve checked all settings for my App and APIs: they’re all set to RS256. I’ve even manually reset them to RS256 and saved, but nothing seems to fix the issue. When I run everything locally (using my Auth0 dev tenant) everything works fine and I get RS256 tokens. When I run in prod (using my Auth0 prod tenant) I get HS256. Can anyone help me understand why this is happening please?

dan.woda · August 2, 2021, 5:41pm

Hi @StoicalPirate,

This is likely a settings misconfiguration. Can you please DM me the tenant/domain name of the environment where this is happening so I can take a look.

system · October 13, 2021, 6:32pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Tokens are recognized as RS256 although the client is configured to HS256 Help jwt	3	3416	January 14, 2019
Suddenly RS256 tokens generated from HS256 apps Help jwt , auth0	11	3329	March 28, 2020
Getting RS256 token instead of HS256 Help jwt	7	5422	June 25, 2022
Still get RS256 token JWT.io	3	2585	April 22, 2022
Getting RS256-encrypted JWT for Custom SMS Gateway Help connections , passwordless-sms-connection	1	1450	December 14, 2022

RS256 is defaulting to HS256 in production

Related topics