RS256 is defaulting to HS256 in production

I’ve built and tested an Azure Static Web App using a Vue frontend and Python APIs. Everything is working well with Auth0 locally, however, now I’m deploying into production I’ve received a really strange issue. It seems that the JWT is defaulting to HS256 rather than RS256.

I’ve checked all settings for my App and APIs: they’re all set to RS256. I’ve even manually reset them to RS256 and saved, but nothing seems to fix the issue. When I run everything locally (using my Auth0 dev tenant) everything works fine and I get RS256 tokens. When I run in prod (using my Auth0 prod tenant) I get HS256. Can anyone help me understand why this is happening please?

Hi @StoicalPirate,

This is likely a settings misconfiguration. Can you please DM me the tenant/domain name of the environment where this is happening so I can take a look.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.