Social Login with HS256

#1

I’m wondering if it is possible to create a social login and receive the JWT in HS256?

this.webAuth.authorize({
  connection: 'google-oauth2'
});

This is what I am using at the moment and I am only able to receive RS256 JWTs…


#2

You can change the JWT signature algorithm from the Client settings in the dashboard:

https://manage.auth0.com/#/clients > Your Client > Advanced Settings > OAuth > JsonWebToken Signature Algorithm.


#3

I already know that, but that does not work for social logins. They are still RS256, that's my problem 🙂


#4

I have the same issue, social login signs with RS256 no matter what we’ve set up in the Client settings.


#5

The procedure to configure the signing algorithm mentioned in another answer is correct.

However, keep in mind that in an OIDC compliant response the signing algorithm used for the ID Token is forced to RS256 if the client application performing the request is considered a public client (this reference document also explains the reasoning behind the forced use of RS256).

If the client in question is indeed a public client, then in an OIDC or API authorization flow the ID token is signed with RS256, which allows the client to validate the token without the need for a shared secret, which would not be suitable for a public client.
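
The reasoning in the answer above, as an added example (not part of the thread and not Auth0's code): with RS256 a public client verifies an ID token using only the public key, while HS256 verification needs the same secret that signs tokens. The key pair, secret, claims and the helper names `signJwt`, `verifyJwt` and `demo` are constructed for illustration, and only the signature and the pinned algorithm are checked, not `exp`, `iss` or `aud`.

```javascript
// Added example: keys, secret and claims below are constructed for illustration.
const crypto = require('node:crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');

// Build a compact JWS. RS256 signs with a private key, HS256 with a shared secret.
function signJwt(claims, alg, key) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = alg === 'RS256'
    ? crypto.sign('sha256', Buffer.from(input), key)
    : crypto.createHmac('sha256', key).update(input).digest();
  return `${input}.${sig.toString('base64url')}`;
}

// Verify with the algorithm the application expects, never the one the header requests.
// Returns the claims, or null on any failure. exp/iss/aud checks are out of scope here.
function verifyJwt(token, expectedAlg, key) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header;
  try { header = JSON.parse(Buffer.from(h, 'base64url').toString()); } catch { return null; }
  if (header.alg !== expectedAlg) return null;
  const input = Buffer.from(`${h}.${p}`);
  const sig = Buffer.from(s, 'base64url');
  let ok;
  if (expectedAlg === 'RS256') {
    ok = crypto.verify('sha256', input, key, sig);
  } else {
    const mac = crypto.createHmac('sha256', key).update(input).digest();
    ok = mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
  }
  return ok ? JSON.parse(Buffer.from(p, 'base64url').toString()) : null;
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const claims = { iss: 'https://tenant.example/', sub: 'google-oauth2|123', aud: 'constructed-client-id' };
const secret = 'constructed-client-secret';
const rsToken = signJwt(claims, 'RS256', privateKey); // server keeps privateKey
const hsToken = signJwt(claims, 'HS256', secret);     // server and verifier share secret

function demo() {
  return {
    rsVerifiedWithPublicKey: verifyJwt(rsToken, 'RS256', publicKey) !== null,
    hsVerifiedWithSecret: verifyJwt(hsToken, 'HS256', secret) !== null,
    hsRejectedByRsVerifier: verifyJwt(hsToken, 'RS256', publicKey) === null,
    // Under HS256 the verifying key is also a signing key, so it cannot ship in a browser app.
    hsVerifierKeyAlsoSigns: verifyJwt(signJwt({ sub: 'other' }, 'HS256', secret), 'HS256', secret).sub === 'other',
  };
}
```

Calling `demo()` returns four booleans, all `true`; the last one is the reason an HS256 secret belongs only on a confidential (server-side) client.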

