Announcing AWS STS support for ECDSA-based signatures of OIDC tokens
AWS Security Token Service (STS) now supports digitally signing OpenID Connect (OIDC) JSON Web Tokens (JWTs) using Elliptic Curve Digital Signature Algorithm (ECDSA) keys.
- ECDSA is a NIST-approved digital signature algorithm
- Provides an additional option for signing OIDC JWTs alongside existing RSA keys
- Users can update their identity provider's JWKS document with new key information
- No changes required to AWS IAM configuration
- Available in all AWS Regions, including AWS GovCloud (US)
This enhancement allows for more flexible and secure authentication of users and workloads using OIDC tokens.