diff --git a/pkg/op/op.go b/pkg/op/op.go
index 69d6d39..bea8569 100644
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@@ -171,20 +171,21 @@ func NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opO
 }
 
 type openidProvider struct {
- config *Config
- endpoints *endpoints
- storage Storage
- signer Signer
- idTokenHintVerifier IDTokenHintVerifier
- jwtProfileVerifier JWTProfileVerifier
- accessTokenVerifier AccessTokenVerifier
- keySet *openIDKeySet
- crypto Crypto
- httpHandler http.Handler
- decoder *schema.Decoder
- encoder *schema.Encoder
- interceptors []HttpInterceptor
- timer <-chan time.Time
+ config *Config
+ endpoints *endpoints
+ storage Storage
+ signer Signer
+ idTokenHintVerifier IDTokenHintVerifier
+ jwtProfileVerifier JWTProfileVerifier
+ accessTokenVerifier AccessTokenVerifier
+ keySet *openIDKeySet
+ crypto Crypto
+ httpHandler http.Handler
+ decoder *schema.Decoder
+ encoder *schema.Encoder
+ interceptors []HttpInterceptor
+ timer <-chan time.Time
+ accessTokenVerifierOpts []AccessTokenVerifierOpt
 }
 
 func (o *openidProvider) Issuer() string {
@@ -453,6 +454,13 @@ func WithHttpInterceptors(interceptors ...HttpInterceptor) Option {
 }
 }
 
+func WithAccessTokenVerifierOpts(opts ...AccessTokenVerifierOpt) Option {
+ return func(o *openidProvider) error {
+ o.accessTokenVerifierOpts = opts
+ return nil
+ }
+}
+
 func buildInterceptor(interceptors ...HttpInterceptor) func(http.HandlerFunc) http.Handler {
 return func(handlerFunc http.HandlerFunc) http.Handler {
 handler := handlerFuncToHandler(handlerFunc)
diff --git a/pkg/op/verifier_access_token.go b/pkg/op/verifier_access_token.go
index 2f19e91..d2c0c80 100644
--- a/pkg/op/verifier_access_token.go
+++ b/pkg/op/verifier_access_token.go
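Review bot: `WithAccessTokenVerifierOpts` is exported but carries no doc comment, and nothing in this hunk shows where `o.accessTokenVerifierOpts` is read, so the option only has an effect if NewOpenIDProvider (outside the hunk) forwards it to NewAccessTokenVerifier — worth confirming and stating in the comment. The assignment overwrites any earlier value, so calling the option twice silently drops the first set; if that is intended, say so: `// WithAccessTokenVerifierOpts sets the options the provider passes to NewAccessTokenVerifier when it builds its own access token verifier; a later call replaces, rather than extends, earlier options.` Because these options reach into signature verification of access tokens, the comment should make that scope explicit rather than leave the reader to infer it from the field name.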
@@ -48,11 +48,22 @@ func (i *accessTokenVerifier) KeySet() oidc.KeySet {
 return i.keySet
 }
 
-func NewAccessTokenVerifier(issuer string, keySet oidc.KeySet) AccessTokenVerifier {
+type AccessTokenVerifierOpt func(*accessTokenVerifier)
+
+func WithSupportedAccessTokenSigningAlgorithms(algs ...string) AccessTokenVerifierOpt {
+ return func(verifier *accessTokenVerifier) {
+ verifier.supportedSignAlgs = algs
+ }
+}
+
+func NewAccessTokenVerifier(issuer string, keySet oidc.KeySet, opts ...AccessTokenVerifierOpt) AccessTokenVerifier {
 verifier := &accessTokenVerifier{
 issuer: issuer,
 keySet: keySet,
 }
+ for _, opt := range opts {
+ opt(verifier)
+ }
 
 return verifier
 }
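Review bot: `WithSupportedAccessTokenSigningAlgorithms` stores the caller's slice as the verifier's `supportedSignAlgs`, which by its name is the allowlist of JWS algorithms accepted on access tokens, yet neither it, the new `AccessTokenVerifierOpt` type, nor the widened `NewAccessTokenVerifier` signature has a doc comment, and what an empty or omitted list means (fall back to a default set, or accept nothing) is not visible in this hunk — that is precisely what a caller pinning algorithms needs to know. Suggested: `// WithSupportedAccessTokenSigningAlgorithms restricts the JWS algorithms the verifier accepts for access tokens; an empty list keeps the verifier's default — TODO confirm against the signature check.` Copying instead of aliasing, `verifier.supportedSignAlgs = append([]string(nil), algs...)`, would keep a caller from later changing the allowlist through the shared backing array. The option loop runs after the struct literal, so an option can also override issuer or keySet; that is acceptable but worth one line in the NewAccessTokenVerifier comment.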