I have created a custom OIDC authorizer for a AWS API Gateway (REST). It currently support tokens signed using the RS256 algorithm, and will otherwise fail.
The .well-known
OIDC endpoint lists the following supported algorithms, so everything is OK:
"id_token_signing_alg_values_supported":["RS256"]
Is id_token_signing_alg_values_supported
administrated by Microsoft or the tenant's administrators? If Microsoft, where can I find information on when it will change?