diff --git a/pkg/crypto/hash.go b/pkg/crypto/hash.go
index ab9f8c1..552d769 100644
--- a/pkg/crypto/hash.go
+++ b/pkg/crypto/hash.go
@@ -21,6 +21,16 @@ func GetHashAlgorithm(sigAlgorithm jose.SignatureAlgorithm) (hash.Hash, error) {
 		return sha512.New384(), nil
 	case jose.RS512, jose.ES512, jose.PS512:
 		return sha512.New(), nil
+
+	// There is no published spec for this yet.
+	// There is consensus here: https://bitbucket.org/openid/connect/issues/1125/_hash-algorithm-for-eddsa-id-tokens
+	// Currently go-jose only supports the ed25519 curve key for EdDSA, so we can safely assume sha512 here.
+	//
+	// TODO: When go-jose ever decides to support ed448, we need to know the "crv" parameter and use shake256 for ed448.
+	// The "crv" value is currently not exposed by go-jose.JSONWebKey and is currently only hard-coded to be set during marshalling.
+	case jose.EdDSA:
+		return sha512.New(), nil
+
 	default:
 		return nil, fmt.Errorf("%w: %q", ErrUnsupportedAlgorithm, sigAlgorithm)
 	}