I was working with the authentik_provider_oauth2 resource, and left the signing_key blank.
When creating a provider via the web UI, the value for signing_key defaults to "authentik Self-signed Certificate".
If you fail to set signing_key and leave the default empty string, you will end up with a somewhat cryptic error about a malformed jwt and an unexpected signature algorithm:
I was working with the authentik_provider_oauth2 resource, and left the
signing_key
blank.When creating a provider via the web UI, the value for
signing_key
defaults to "authentik Self-signed Certificate".If you fail to set
signing_key
and leave the default empty string, you will end up with a somewhat cryptic error about a malformed jwt and an unexpected signature algorithm:It seems that authentik_provider_oauth2 would likely never work if
signing_key
is left to the default of an empty string.I suggest making it required or at a minimum documenting it's usage a bit further in these two locations: