Hello @TyTheNiFiGuy,  Thanks for being part of our community.  I was checking that NiFi Registry does not have support for asymmetric RSA such as RS256.  That is a limitation itself, and not a problem in your token.  The log do tell this:  2026-01-02 18:22:27,220 INFO [NiFi logging handler] org.apache.nifi.registry.StdOut Caused by: java.lang.IllegalArgumentException: The default resolveSigningKey(JwsHeader, Claims) implementation cannot be used for asymmetric key algorithms (RSA, Elliptic Curve).  Override the resolveSigningKey(JwsHeader, Claims) method instead and return a Key instance appropriate for the RS256 algorithm.  Checking the code, I see that only HS256 is supported:  private static final MacAlgorithm SIGNATURE_ALGORITHM = Jwts.SIG.HS256; https://github.com/apache/nifi/blob/9998b6d9ce21a66db240ff6131fc882002285e8b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/jwt/JwtService.java#L53C1-L54C1  ... View more

Thanks. I don't fully understand the differences between the policies you can modify by right clicking on the canvas and selecting "Manage Access Policies" and the policies you can modify by selecting the dropdown on the top right and selecting "Policies". In either case, the right click and "Manage Access Policies" approach worked. ... View more