Setup JWT access tokens signed with HS256 #2988

Answered by aeneasr

yaskoo asked this question in Q&A

yaskoo
Feb 13, 2022

I'm using hydra 1.10.6 and I'm trying to setup JWT access tokens signed using HS256.
I have set the strategies.access_token configuration to jwt and hydra is now issuing JWT access tokens, but I can't make it to sign them with HS256.
I've tried creating the client using the http api and providing the jwks key, but still tokens are signed with RS256.
Any pointers will be greatly appreciated.

btw, I've read the docs and some best practices on JWTs - I know this is not a great combo, but it's something I have to live with for a while.

Answered by aeneasr

Hydra does not support that, it only supports asymmetric keys as otherwise anyone with the secret could forge tokens!

View full answer

Replies: 2 comments 3 replies

aeneasr
Feb 13, 2022
Maintainer

Hydra does not support that, it only supports asymmetric keys as otherwise anyone with the secret could forge tokens!

3 replies

yaskoo Feb 13, 2022
Author

Thanks, that's good to know.
Is there a note somewhere in the docs (didn't see any). Maybe we should add one?

aeneasr Feb 13, 2022
Maintainer

I don't think there is one, we can probably add one here:

https://github.com/ory/docs/blob/master/docs/hydra/jwks.md

would you be up for this?

yaskoo Feb 14, 2022
Author

sure, here it is ory/docs#578
but im having trouble signing the CLA - I had to change my email in the commit and now the agreement doesn't show

Answer selected by yaskoo

rm116
Apr 17, 2024

Hello,

If I want to use my private/public keys, is that possible ?

0 replies

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment