Access keys signed with HS256 instead of RS256


My Keycloak signs access tokens with HS256 even though I think I’ve configured my server correctly so that it signs them with RS256.
I would like to force it to sign using RS256 so that I can verify the signatures with the RS256 public key.

Here are the different keys on my server. I tried to remove the HS256 key but when it needs to sign an access token, it automatically recreates one:

Despite my configuration in:
Realm settings → Tokens → Default Signature Algorithm: RS256

I use Keycloak 23.0.6.

Here’s a Stack Overflow link from someone who seems to have a similar problem to mine:

Did you ever find a solution? I just got dinged on a penetration test that I should not be using HS256. Like you I have the default token algorithm set to RS256.

Hi everyone, I have the same issue.
I want JWT tokens signed with RS256 but I’m getting HS512.
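
One way to see which token actually carries the HS256/HS512 header, and to pin the accepted algorithm before any signature verification, as an added example that is not part of any post in this thread. The sample tokens, the `kid` values and the `typ` claim values are constructed assumptions, and the signature is a placeholder that is not verified here.

```python
import base64
import json

ALLOWED_ALGS = {"RS256"}  # what the resource server is willing to verify


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_jwt(token: str) -> dict:
    """Read header and claims WITHOUT verifying the signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    return {"alg": header.get("alg"), "kid": header.get("kid"),
            "token_type": claims.get("typ")}


def require_allowed_alg(token: str) -> str:
    """Gate to run before signature verification: pin the algorithm."""
    alg = inspect_jwt(token)["alg"]
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"rejected: alg {alg!r} not in {sorted(ALLOWED_ALGS)}")
    return alg


def make_sample(header: dict, claims: dict) -> str:
    """Constructed, unsigned sample token (placeholder signature)."""
    enc = lambda d: base64.urlsafe_b64encode(
        json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"


# Constructed samples; the kid values and "typ" claims are assumptions.
SAMPLES = {
    "access": make_sample({"alg": "RS256", "kid": "rsa-key-1"}, {"typ": "Bearer"}),
    "refresh": make_sample({"alg": "HS256", "kid": "hmac-key-1"}, {"typ": "Refresh"}),
}

if __name__ == "__main__":
    for name, tok in SAMPLES.items():
        print(name, inspect_jwt(tok))
```

Running `inspect_jwt` on each token in the token endpoint response (access, refresh, ID) shows which one the HS256 observation applies to.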