# ory-selfhosting
Question about Kratos Session to JWT using HS256 (for Zendesk SSO)
I'm trying to use the Kratos tokenizer so authenticated users on our Ory Kratos instance can access a Zendesk instance. FYI, Zendesk uses only HS256 with JWT sessions and provides the HS256 key as a 48-character string. I followed the documentation here, so I have this snippet in `kratos.yaml`:
```yaml
session:
  whoami:
    tokenizer:
      templates:
        zendesk:
          claims_mapper_url: ...
          jwks_url: file:///etc/config/jwks/zendesk.jwks.json
          ttl: 10m
```
I can then generate the JWT with:
```sh
# The URL is quoted so the shell does not interpret "?" in it
curl --silent -H 'Cookie: ory_session=...' 'https://kratos.test/sessions/whoami?tokenize_as=zendesk'
```
Then the content is perfect, but the signature is never valid (I'm using Zendesk, jwt.io and https://github.com/golang-jwt/jwt/tree/main/cmd/jwt).

`zendesk.jwks.json`:
```json
{
  "keys": [
    {
      "use": "sig",
      "kty": "oct",
      "kid": "c361940f-61de-4fb1-b36b-3abfd1348c67",
      "alg": "HS256",
      "k": "SECRET"
    }
  ]
}
```
I tried using `oathkeeper credentials generate --alg HS256`, or using this as a template for the Zendesk-provided secret, to no avail. It sounds like a bug to me, but I'm curious since Zendesk is mentioned as a use case for using the tokenizer.
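One check that applies to the setup in this post, as an added example that is not part of the original post and is not Ory's code: RFC 7518 defines the `k` member of an `oct` JWK as the base64url encoding of the key bytes, so a JWK-based signer and a consumer that keys HMAC with the shared-secret string's own bytes only agree when `k` is the base64url encoding of those bytes. The secret, `kid` and claims below are constructed, and the consumer's use of the string's raw bytes as the key is an assumption of this example.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def oct_jwk(shared_secret: str, kid: str) -> dict:
    """Build a JWK whose key bytes are the ASCII bytes of the shared secret."""
    return {"use": "sig", "kty": "oct", "kid": kid, "alg": "HS256",
            "k": b64url(shared_secret.encode())}

def sign_with_jwk(jwk: dict, claims: dict) -> str:
    """Sign as a JWK-based signer does: HMAC key = base64url-decode(k)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": jwk["kid"]}
    parts = (json.dumps(p, separators=(",", ":")).encode() for p in (header, claims))
    signing_input = ".".join(b64url(p) for p in parts)
    key = b64url_decode(jwk["k"])
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def verify_with_raw_secret(token: str, shared_secret: str) -> bool:
    """Verify as a shared-secret consumer is assumed to: key = the string's bytes."""
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(shared_secret.encode(), signing_input.encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))

# Constructed sample values, not real credentials.
SECRET = "A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8S9t0U1v2W3x4"  # 48 characters
CLAIMS = {"sub": "user-1", "email": "user@example.com"}
KID = "example-kid"

# Raw secret pasted into "k": the signer decodes it to 36 different bytes.
raw_k_jwk = {"use": "sig", "kty": "oct", "kid": KID, "alg": "HS256", "k": SECRET}
# Secret's bytes base64url-encoded into "k": both sides use the same 48 bytes.
encoded_k_jwk = oct_jwk(SECRET, KID)

if __name__ == "__main__":
    for name, jwk in (("raw k", raw_k_jwk), ("encoded k", encoded_k_jwk)):
        token = sign_with_jwk(jwk, CLAIMS)
        print(name, "key length:", len(b64url_decode(jwk["k"])),
              "verifies:", verify_with_raw_secret(token, SECRET))
```
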