diff --git a/lib/resty/openidc.lua b/lib/resty/openidc.lua
index cb78c05..b854359 100644
--- a/lib/resty/openidc.lua
+++ b/lib/resty/openidc.lua
@@ -930,13 +930,14 @@ end
 local function is_algorithm_supported(jwt_header)
 return jwt_header and jwt_header.alg and (jwt_header.alg == "none"
 or string.sub(jwt_header.alg, 1, 2) == "RS"
+ or string.sub(jwt_header.alg, 1, 2) == "ES"
 or string.sub(jwt_header.alg, 1, 2) == "HS")
 end
 
 -- is the JWT signing algorithm an asymmetric one whose key might be
 -- obtained from the discovery endpoint?
 local function uses_asymmetric_algorithm(jwt_header)
- return string.sub(jwt_header.alg, 1, 2) == "RS"
+ return string.sub(jwt_header.alg, 1, 2) == "RS" or string.sub(jwt_header.alg, 1, 2) == "ES"
 end
 
 -- is the JWT signing algorithm one that has been expected?
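Review bot: The new `"ES"` tests in is_algorithm_supported and uses_asymmetric_algorithm match on a two-character prefix, so any `alg` value beginning with ES is accepted as supported and asymmetric, not only the ECDSA variants the verifier actually implements. Because `alg` is read from the token header, an exact-match lookup is tighter, for example `local ES_ALGS = { ES256 = true, ES384 = true, ES512 = true }` trimmed to what the JWT library in use can verify, with the functions testing `ES_ALGS[jwt_header.alg]`. Treating ES as asymmetric presumably sends key lookup down the discovery/JWKS path, which is outside this hunk; it is worth confirming that path can build a key from an EC JWK and not only an RSA one, and covering it with a test that uses an ES-signed token. As a smaller style point, the changed return line calls `string.sub(jwt_header.alg, 1, 2)` twice; `local prefix = string.sub(jwt_header.alg, 1, 2)` followed by `return prefix == "RS" or prefix == "ES"` is easier to read.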