3

I am using WSO2 API Manager 3.2.0. How do I change the WSO2 API Manager (3.2.0) JWT default algorithm from RS256 to S512 or another one like HS512?

Ali farahzadi

1 Answer

2

You can change it through the "deployment.toml" file.

#[apim.jwt]
#enable = true
#encoding = "base64" # base64,base64url
#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
#claim_dialect = "http://wso2.org/claims"
#convert_dialect = false
#header = "X-JWT-Assertion"
#signing_algorithm = "SHA256withRSA"
#enable_user_claims = true
#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever"

Here there is a property called "signing_algorithm", and you can change it.

The signing algorithm is used to sign the JWT. The general format of the JWT is {token infor}.{claims list}.{signature}. When NONE is specified as the algorithm, signing is turned off and the JWT looks as {token infor}.{claims list} with two strings delimited by a period and a period in the end.

This element can have only two values - the default values are SHA256withRSA or NONE.[1]

[1]. https://apim.docs.wso2.com/en/3.2.0/learn/api-gateway/passing-end-user-attributes-to-the-backend/passing-enduser-attributes-to-the-backend-using-jwt/#passing-enduser-attributes-to-the-backend-using-jwt

GMNP
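Since a signing_algorithm of NONE produces a token that ends in a period with nothing after it, a backend that reads the X-JWT-Assertion header can refuse that shape, and any unexpected algorithm, before it attempts signature verification. The sketch below is an added example, not code from the answer or from WSO2; the function names are hypothetical, the sample tokens are constructed, and it assumes the SHA256withRSA setting shows up as "RS256" in the JWT header.

```python
import base64
import json

# Assumption: the gateway's SHA256withRSA setting appears as "RS256" in the JWT header.
ALLOWED_ALGS = {"RS256"}


def b64_decode(segment):
    """Decode a segment in either `encoding` mode (base64 or base64url)."""
    std = segment.replace("-", "+").replace("_", "/")
    std += "=" * (-len(std) % 4)  # restore stripped padding
    return base64.b64decode(std, validate=True)


def precheck_assertion(header_value):
    """Reject unsigned or unexpected-algorithm tokens before signature verification.

    Returns the pieces an RSA verifier needs; it does NOT verify the signature.
    """
    parts = header_value.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three period-delimited segments")
    head_b64, claims_b64, sig_b64 = parts
    head = json.loads(b64_decode(head_b64))
    claims = json.loads(b64_decode(claims_b64))
    if not isinstance(head, dict) or not isinstance(claims, dict):
        raise ValueError("header and claims must be JSON objects")
    if not sig_b64:
        # The signing_algorithm = NONE shape: "{header}.{claims}." with an empty tail.
        raise ValueError("unsigned token")
    alg = head.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed: %r" % (alg,))
    return {"alg": alg, "claims": claims,
            "signing_input": (head_b64 + "." + claims_b64).encode("ascii"),
            "signature": b64_decode(sig_b64)}


def make_sample(alg, signature=b"", urlsafe=False):
    """Build a constructed sample token (the signature bytes are not a real signature)."""
    enc = base64.urlsafe_b64encode if urlsafe else base64.b64encode
    seg = lambda obj: enc(json.dumps(obj).encode()).decode()
    head, claims = {"typ": "JWT", "alg": alg}, {"sub": "alice@carbon.super"}
    return "%s.%s.%s" % (seg(head), seg(claims), enc(signature).decode() if signature else "")


def is_accepted(token):
    """True only if the token passes the structural pre-check."""
    try:
        precheck_assertion(token)
        return True
    except ValueError:
        return False
```

The returned signing_input and signature still have to be checked against the gateway's public certificate with an RSA library; passing this pre-check alone does not make a token trustworthy.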