Suddenly RS256 tokens generated from HS256 apps

My sites have been used HS256 algo for years, now Auth0 is generating RS256 tokens, and it’s breaking all my sites.

The same thing seems to have happened in 2017 - Server returns RS256 but HS256 is selected

What’s going on?

2 Likes

I have the exact same problem and it started about 5-6hrs ago.
in my case it works for email/password login but social logins are generating RS256 tokens

@iameugenejo_impact have you found an workaround for it?

1 Like

Same here, I have no idea why this is happening… Any news?

1 Like

I am having the same problem, my site is using HS256 for many years, today oauth returns RS256 even that HS256 is still active the configuraton of the Application.

1 Like

same for out application

Can you all, who are experiencing it, please clarify/confirm:

in your API registered in Auth0 you have definitely set the Signing Algorithm to HS256

and it shows up like this in the API settings afterwards:

and the audience in the authorize request is set for this particular audience / API? (in my screenshot example, it would be: audience: https://my-api/

(If all is the case, then it would be a bug.)

My sites have been used HS256 algo for years, now Auth0 is generating RS256 tokens, and it’s breaking all my sites.

@iameugenejo_impact Are you saying, your sites have been using Auth0 as authorization servers for years and all worked, and without any changes on your end, the algorithm used has suddenly changed within the last few days?

@mathiasconradt That is exactly the same issue we are having. Just 2 minutes ago it just started working again.

@mathiasconradt same in our case: we didn’t do any changes (codebase level or Auth0 settings) and it stoped working about 7-8hrs ago and now (again without any changes on our side) it started working again.

In our case the email/password login was working but social logins didn’t work.

Thanks both for confirming. I’ll check it internally.

Product team is aware of it, it’s due to a change, and working on a rollback.

The issue should be resolved. Can you please check.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.