diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py
index 7952e0b9574..f4f8e2a0277 100644
--- a/docker-jans-persistence-loader/scripts/upgrade.py
+++ b/docker-jans-persistence-loader/scripts/upgrade.py
@@ -133,25 +133,6 @@ def _transform_auth_dynamic_config(conf):
 conf["agamaConfiguration"]["defaultResponseHeaders"].pop("Content-Type", None)
 should_update = True
 
- if "accessTokenSigningAlgValuesSupported" not in conf:
- conf["accessTokenSigningAlgValuesSupported"] = [
- "none",
- "HS256",
- "HS384",
- "HS512",
- "RS256",
- "RS384",
- "RS512",
- "ES256",
- "ES384",
- "ES512",
- "ES512",
- "PS256",
- "PS384",
- "PS512"
- ]
- should_update = True
-
 for grant_type in [
 "urn:ietf:params:oauth:grant-type:device_code",
 "urn:ietf:params:oauth:grant-type:token-exchange",
@@ -160,6 +141,25 @@ def _transform_auth_dynamic_config(conf):
 conf["dynamicGrantTypeDefault"].append(grant_type)
 should_update = True
 
+ if "accessTokenSigningAlgValuesSupported" not in conf:
+ conf["accessTokenSigningAlgValuesSupported"] = [
+ "none",
+ "HS256",
+ "HS384",
+ "HS512",
+ "RS256",
+ "RS384",
+ "RS512",
+ "ES256",
+ "ES384",
+ "ES512",
+ "ES512",
+ "PS256",
+ "PS384",
+ "PS512"
+ ]
+ should_update = True
+
 if "forceSignedRequestObject" not in conf:
 conf["forceSignedRequestObject"] = False
 should_update = True
diff --git a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json
index 30b94d05619..a6a2dc871cd 100644
--- a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json
+++ b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json
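Review bot: The default list assigned to `conf["accessTokenSigningAlgValuesSupported"]` in the block re-added to `_transform_auth_dynamic_config` (scripts/upgrade.py, second hunk) still has `"none"` as its first entry and lists `"ES512"` twice; the move keeps both, and the same list is added to `jans-auth-config.ob.json` in the next file. If the auth server accepts any value in this list as an access-token signing algorithm, `"none"` makes unsigned JWT access tokens a supported default for upgraded and new deployments alike. I would drop `"none",` from both defaults, or add a comment stating why it has to stay, and delete the second `"ES512",` line. Because the guard is `if "accessTokenSigningAlgValuesSupported" not in conf:`, deployments that already stored this list will not pick up a later correction, so a follow-up may need to rewrite the stored value explicitly. The function's body starts and ends outside the hunk.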
@@ -26,6 +26,22 @@
 "backchannelDeviceRegistrationEndpoint":"https://%(hostname)s/jans-auth/restv1/bc-deviceRegistration",
 "deviceAuthzEndpoint":"https://%(hostname)s/jans-auth/restv1/device_authorization",
 "openidSubAttribute":"inum",
+ "accessTokenSigningAlgValuesSupported":[
+ "none",
+ "HS256",
+ "HS384",
+ "HS512",
+ "RS256",
+ "RS384",
+ "RS512",
+ "ES256",
+ "ES384",
+ "ES512",
+ "ES512",
+ "PS256",
+ "PS384",
+ "PS512"
+ ],
 "discoveryDenyKeys": [
 "id_generation_endpoint",
 "auth_level_mapping",