Developer Questions

Ask a Question
Back to All

JWT signing algorithm


I'm trying to implement OAuth2 flow in my project and verify jwt on my API.

In documentation said that JWT is signed using HS256 but when I debug jwt using it says that algorithm is RS256

"alg": "RS256",
"typ": "JWT"

Is it intentionally or it is a bug?

How can I verify this JWT on my backend? Because documentation says that I can verify it using XUMM Api Secret but RS256 is actually asymmetric algorithm.