Hello,
From keycloak-8.0.0, Keycloak supports RS384, RS512, ES256, ES384,
ES512, PS256, PS384, PS512 for signed JWT by Client.
AFAIK, if you want to use an algorithm other than RS256, the client needs to set up an
endpoint providing the public key needed to verify the JWT signed by this client.
Also, the format of this public key needs to be JWK.
It might work as follows:
1. log in to the admin console
2. open Clients->(your client)->Credentials tab
3. set Use JWKS URL : ON
4. set JWKS URL : URL from which Keycloak can download your client's public key
There are some ways for Keycloak to retrieve the client's public key.
https://www.keycloak.org/docs/latest/server_admin/index.html#_client-cred...
1. generate the key and certificate
2. import the certificate
3. register the endpoint providing the public key needed to verify the JWT signed by this
client.
AFAIK, 3 supports the use of an algorithm other than RS256. But I'm not sure whether
1 and 2 also support the use of an algorithm other than RS256.
Regards,
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
On Behalf Of Tom Billiet
Sent: Wednesday, November 20, 2019 4:53 PM
To: Dingwell, Robert A. <bobd(a)mitre.org>; keycloak-user(a)lists.jboss.org
Subject: [!]Re: [keycloak-user] token endpoint auth signing alg values supported
Some things just got added, but it's not fully clear to me on which places exactly:
https://clicktime.symantec.com/3CAZDSrkYbDFigHBzTUyQF57Vc?u=https%3A%2F%2...
Tom
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
On Behalf Of Dingwell, Robert A.
Sent: Tuesday, 19 November 2019 18:50
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] token endpoint auth signing alg values supported
Hi,
From looking at the configuration endpoint, I see that the only value in the
token_endpoint_auth_signing_alg_values_supported field is RS256. Is keycloak configurable
to support other algorithms? I’m looking for RS384 in particular to align with a
specification that I am working off of.
Thanks
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://clicktime.symantec.com/3XHrWANQ3GpimdXLNgd1iDN7Vc?u=https%3A%2F%2...
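
The flow discussed in this thread, as an added example that is not part of the original messages and is not Keycloak's code: a client publishes its public key as a JWK Set, signs its client assertion with RS384, and a verifier pins the algorithm before checking the signature. All function names, the key id, the client id and the URL are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const HASH = { RS256: 'sha256', RS384: 'sha384', RS512: 'sha512' };
const b64u = (x) => Buffer.from(x).toString('base64url');

// Client side: RSA key pair plus the JWK Set the client would publish at its JWKS URL.
function makeClientKey(kid, alg) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = { ...publicKey.export({ format: 'jwk' }), kid, alg, use: 'sig' };
  return { privateKey, jwks: { keys: [jwk] } };
}

// Client side: build the signed JWT that is sent as client_assertion.
function signAssertion(privateKey, kid, alg, claims) {
  const head = b64u(JSON.stringify({ alg, typ: 'JWT', kid }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign(HASH[alg], Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Verifier side: pin the algorithm, select the key by kid, check signature and expiry.
function verifyAssertion(jwt, jwks, allowedAlgs = ['RS384']) {
  const fail = (reason) => ({ ok: false, reason });
  const parts = jwt.split('.');
  if (parts.length !== 3) return fail('malformed');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch (e) { return fail('malformed'); }
  if (!header || !claims) return fail('malformed');
  if (!allowedAlgs.includes(header.alg) || !HASH[header.alg]) return fail('alg not allowed');
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) return fail('unknown kid');
  if (jwk.alg && jwk.alg !== header.alg) return fail('alg mismatch');
  const key = crypto.createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify(HASH[header.alg], signed, key, Buffer.from(parts[2], 'base64url'))) {
    return fail('bad signature');
  }
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return fail('expired');
  return { ok: true, claims };
}

// Constructed sample values: one key, one assertion valid for 60 seconds.
const demo = makeClientKey('demo-key-1', 'RS384');
const demoJwt = signAssertion(demo.privateKey, 'demo-key-1', 'RS384',
  { iss: 'demo-client', sub: 'demo-client', aud: 'https://idp.example/token', exp: Date.now() / 1000 + 60 });
console.log(verifyAssertion(demoJwt, demo.jwks).ok);
```

The verifier takes the hash from its own allowlist, so a token whose header names a different algorithm is rejected before any signature check runs.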