...

• It is recommended to use PS256 or PS512

• RSA shall have a minimum length of 2048 bits

• Elliptic curve shall have a minimum length of 160 bits

References

Note that some of the links below might not point to the latest version of the document.

The OAuth 2.0 Authorization Framework: https://tools.ietf.org/html/rfc6749

...

OAuth DPoP: https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-13

OAuth 2.0 Security Best Current Practice: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics