COMMONS-143, we are restricted in our signing algorithm choice. The only RS algorithm available today is RS256. A reasonable expectation of AM would be to use a different RS algorithm, like RS512.
The current OAuth2 provider settings do not offer the possibility to specify the algorithms to use for RS signing.
What we currently have is the following:
"Token Signing RSA public/private key pair" : "test"
"Token Signing ECDSA public/private key pair alias" : "ES512|test", "ES256|test", "ES384|test"
For "Token Signing RSA public/private key pair", OpenAM doesn't enforce the algorithm to use; it is hard-coded to RS256 in the AM code.
We may want to do for RSA the same as for ECDSA, for consistency and code reusability. Customers would then be able to have more than one key for RSA.
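
An added sketch (not OpenAM code) of how the "ALGORITHM|alias" form used by the ECDSA setting could be parsed and enforced for RSA. The function names, the "test-4096" alias, and treating a bare alias as RS256 for backward compatibility are assumptions made for illustration.

```python
# Added illustration; not OpenAM code. All names below are hypothetical.
RSA_ALGS = {"RS256", "RS384", "RS512"}   # RSASSA-PKCS1-v1_5 algorithms from JWA
LEGACY_DEFAULT = "RS256"                 # bare alias keeps today's hard-coded choice


def parse_rsa_mappings(entries):
    """Turn ["RS512|test", ...] into {algorithm: key alias}, failing closed."""
    mapping = {}
    for raw in entries:
        alg, sep, alias = raw.partition("|")
        if not sep:                      # legacy form: alias only, no algorithm
            alg, alias = LEGACY_DEFAULT, raw
        alg, alias = alg.strip(), alias.strip()
        if alg not in RSA_ALGS:          # rejects "none", HS*/ES* and typos
            raise ValueError(f"unsupported RSA signing algorithm: {alg!r}")
        if not alias:
            raise ValueError(f"missing key alias in entry: {raw!r}")
        if alg in mapping:               # two keys for one algorithm is ambiguous
            raise ValueError(f"duplicate mapping for {alg}")
        mapping[alg] = alias
    return mapping


def alias_for(mapping, requested_alg):
    """Return the key alias for the requested algorithm; never fall back silently."""
    if requested_alg not in mapping:
        raise KeyError(f"no RSA key configured for {requested_alg}")
    return mapping[requested_alg]


# Constructed sample setting values.
SAMPLE = ["RS256|test", "RS512|test-4096"]
LEGACY = ["test"]

if __name__ == "__main__":
    print(parse_rsa_mappings(SAMPLE))
    print(parse_rsa_mappings(LEGACY))
```

Failing on an unmapped algorithm, rather than falling back to RS256, keeps a client that asks for RS512 from silently receiving a token signed with a weaker digest.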