diff --git a/backend/auth.py b/backend/auth.py
index 746b923..2d45510 100644
--- a/backend/auth.py
+++ b/backend/auth.py
@@ -52,7 +52,7 @@ def _decode_token(token: str, jwks):
         if not key_dict:
             raise HTTPException(status_code=401, detail="Invalid token: signing key not found")
 
-        key = construct(key_dict)
+        key = construct(key_dict, algorithm="RS256")
         decode_kwargs = {"algorithms": ["RS256"]}
         if AUTH_CLIENT_ID:
             decode_kwargs["audience"] = AUTH_CLIENT_ID