diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/ClientAuthnRequest.java b/jans-auth-server/client/src/main/java/io/jans/as/client/ClientAuthnRequest.java
index ea32739e071..eec1b20e7e1 100644
--- a/jans-auth-server/client/src/main/java/io/jans/as/client/ClientAuthnRequest.java
+++ b/jans-auth-server/client/src/main/java/io/jans/as/client/ClientAuthnRequest.java
@@ -1,7 +1,7 @@
 /*
 * Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text.
 *
- * Copyright (c) 2020, Janssen Project
+ * Copyright (c) 2022, Janssen Project
 */
 
 package io.jans.as.client;
@@ -86,6 +86,10 @@ public void appendClientAuthnToQuery(QueryBuilder builder) {
 }
 }
 
+ public SignatureAlgorithm getFallbackAlgorithm() {
+ return StringUtils.isBlank(keyId) ? SignatureAlgorithm.HS256 : SignatureAlgorithm.RS256;
+ }
+
 public String getClientAssertion() {
 if (cryptoProvider == null) {
 LOG.error("Crypto provider is not specified");
@@ -93,7 +97,7 @@ public String getClientAssertion() {
 }
 
 if (algorithm == null) {
- algorithm = SignatureAlgorithm.HS256;
+ algorithm = getFallbackAlgorithm();
 }
 
 GregorianCalendar calendar = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
diff --git a/jans-auth-server/client/src/test/java/io/jans/as/client/ClientAuthnRequestTest.java b/jans-auth-server/client/src/test/java/io/jans/as/client/ClientAuthnRequestTest.java
new file mode 100644
index 00000000000..342b0759880
--- /dev/null
+++ b/jans-auth-server/client/src/test/java/io/jans/as/client/ClientAuthnRequestTest.java
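Review bot: The new `getFallbackAlgorithm()` in the second hunk carries no Javadoc, and the rule it encodes — a blank key id selects the HMAC algorithm HS256, any key id selects the RSA algorithm RS256 — decides whether the client assertion is signed with a shared secret or a private key, which is not something a caller should have to infer from a ternary; the third hunk then applies that choice silently whenever `algorithm` is null. A Javadoc along the lines of `/** Signature algorithm used when none was set explicitly: HS256 (shared-secret HMAC) when no key id is configured, RS256 when a key id refers to a key in the crypto provider. */` would document the contract, and a `LOG.debug("No algorithm set, falling back to {} (keyId blank: {})", algorithm, StringUtils.isBlank(keyId));` after the assignment in the third hunk would make an assertion that the server rejects for an algorithm mismatch traceable from client logs. Whether the crypto provider actually holds an RSA key for the configured key id is presumably validated further down in `getClientAssertion()`, whose body continues outside the hunk.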
@@ -0,0 +1,32 @@
+package io.jans.as.client;
+
+import io.jans.as.model.crypto.signature.SignatureAlgorithm;
+import org.testng.annotations.Test;
+
+import static org.testng.Assert.assertEquals;
+
+/**
+ * @author Yuriy Zabrovarnyy
+ */
+public class ClientAuthnRequestTest {
+
+ @Test
+ public void getFallbackAlgorithm_whenKidIsBlank_shouldReturnHS256() {
+ ClientAuthnRequest request = new TestClientAuthnRequest();
+ assertEquals(request.getFallbackAlgorithm(), SignatureAlgorithm.HS256);
+ }
+
+ @Test
+ public void getFallbackAlgorithm_whenKidIsNotBlank_shouldReturnRS256() {
+ ClientAuthnRequest request = new TestClientAuthnRequest();
+ request.setKeyId("testKid");
+ assertEquals(request.getFallbackAlgorithm(), SignatureAlgorithm.RS256);
+ }
+
+ public static class TestClientAuthnRequest extends ClientAuthnRequest {
+ @Override
+ public String getQueryString() {
+ return "";
+ }
+ }
+}
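Review bot: The two tests pin `getFallbackAlgorithm()` in isolation, but nothing exercises the `algorithm == null` branch of `getClientAssertion()` that the main-file change now routes through it, so a regression there (for example an explicitly set algorithm being overridden) would go unnoticed by this file. A third test that sets a key id, supplies a crypto provider, and asserts the `alg` header of the produced assertion would cover the path that matters to callers; whether a stub crypto provider is available to this test module is not visible in the diff. The `TestClientAuthnRequest` helper is only used inside this class and could be `private static` rather than `public static`.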