I would have expected HS256 to work, as long as you’ve got it included in the id_token_signing_alg_values_supported property in your provider config. If that turns out to be not the case, definitely file an issue with some details on how its failing.