I am trying to compile the final part of my signing by generating the signature for my JWT using ES256.
According to jwt.io, I can sign it with HMAC SHA256 - here is where I get a bit confused, if my header uses ES256 - does this mean I have to sign it using ES256 algorithm?
It is a requirement that I have to use ES256.
{
"alg": "ES256",
"kid": "DSR74G",
"typ": "JWT"
}
RFC 7518 defines (in section 3.1) the allowed pairings between "alg" values and the MAC algorithm. ES256 must be paired with ECDSA using P-256 and SHA-256 as the MAC algorithm.
Since you are facing a requirement from Apple to use ES256, that means you have to use ECDSA.
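The pairing described in the answer, as an added example that is not part of the original question or answer: signing the header above with ECDSA P-256 and SHA-256 using Node's built-in `crypto` module, and verifying with the algorithm pinned to ES256. The function names `signEs256` and `verifyEs256`, the throwaway key pair and the placeholder claims are assumptions made for illustration.

```javascript
// Added example: ES256 JWT signing with Node's built-in crypto module.
const crypto = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");

// Sign header.payload with ECDSA over P-256 and SHA-256 (ES256).
function signEs256(header, payload, privateKey) {
  if (header.alg !== "ES256") throw new Error("header alg must be ES256");
  const signingInput =
    b64url(JSON.stringify(header)) + "." + b64url(JSON.stringify(payload));
  // JWS uses the raw 64-byte R||S form, not the DER encoding that
  // most ECDSA APIs emit by default.
  const sig = crypto.sign("sha256", Buffer.from(signingInput), {
    key: privateKey,
    dsaEncoding: "ieee-p1363",
  });
  return signingInput + "." + b64url(sig);
}

// Verify, accepting only ES256 so the token's header cannot choose the algorithm.
function verifyEs256(token, publicKey) {
  const parts = token.split(".");
  if (parts.length !== 3) return false;
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
  } catch {
    return false;
  }
  if (header.alg !== "ES256") return false;
  const sig = Buffer.from(parts[2], "base64url");
  if (sig.length !== 64) return false; // R and S are 32 bytes each for P-256
  return crypto.verify("sha256", Buffer.from(parts[0] + "." + parts[1]),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, sig);
}

// Constructed test data: throwaway key pair (prime256v1 is OpenSSL's name
// for P-256) and placeholder claims.
const { privateKey, publicKey } =
  crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const header = { alg: "ES256", kid: "DSR74G", typ: "JWT" };
const token = signEs256(header, { iss: "EXAMPLE_ISSUER", iat: 1700000000 }, privateKey);
console.log(token, verifyEs256(token, publicKey));
```

A token signed with HMAC SHA256 carries `"alg": "HS256"` and is rejected by `verifyEs256` before any signature check runs.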