(no title)
bebop
|
1 year ago
I have not seen an authorization server that makes it easy to configure no signing algorithm or even one that might be considered insecure. Most of the client authentication providers I have used (I.e frameworks) have also forced a secure algorithm, usually starting with rsa 256. So while technically you can use a no algorithm signer, I have never seen this happen.
CiPHPerCoder|1 year ago
See, for example:
https://github.com/firebase/php-jwt/issues/351