Field "Authentication Signing Algorithm" sent as `authSigningAlgs` instead of `token_endpoint_auth_signing_alg` on Create OAuth2 Client page

[jpogorzelski]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [X] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

https://serene-engelbart-4fo4ru61cd.projects.oryapis.com

Describe the bug

When private_key_jwt option is selected as Authentication Method in "Client authentication mechanism" section, the new select box "Authentication Signing Algorithm" appears on a page with list of algorithms.

The selected value is sent to Hydra /clients endpoint as authSigningAlgs property, which does not exist in OAuth2Client schema. The request is 201, but the field is not present in the response. I believe the property name in the payload should be token_endpoint_auth_signing_alg instead.

Reproducing the bug

1. Go to new OAuth2 Client creation page https://console.ory.sh/projects//oauth/create
2. Fill any client name
3. Select JWT Authenticaton (private_key_jwt)
4. Select e.g. RS512 in Authentication Signing Algorithm field
5. Submit

Relevant log output

No response

Relevant configuration

No response

Version

Ory Network

On which operating system are you observing this issue?

Ory Network

In which environment are you deploying?

Ory Network

Additional Context

Screenshot of relevant form section: