Access token header 'kid' missing

Hi community,
I’am using AM 7.2 as an authorization server for a 3rd party integration, I enabled client-side OAuth 2.0 tokens with digital signature.
I’am generating an access token, when I decode the JWT, I get only the stuff below without the “kid” to be able to validate the signature
“typ”: “JWT”,
“alg”: “HS256”

Is there any additional configuration to do in order to get the ‘kid’ in the JWT header ?


You won’t see a kid header when the signing algorithm is Hmac based.
I would suggest to use RS* signing algorithms instead.

1 Like