by stouset 3261 days ago
If you leave the `alg` field out, the exact same scenario occurs: someone sends you a token, and you fail to authorize using the server-side configured algorithm. Having this field adds nothing of real value.

The only thing having an `alg` field does is make the standard trivially misusable by well-intentioned developers.
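An added example, not part of the comment above: a minimal verifier that checks a compact three-part token against one server-configured algorithm and never reads the header's `alg`. The key, the function names and the sample tokens are constructed for illustration, and HMAC-SHA256 is an assumed server configuration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: the server is configured for HMAC-SHA256 only; the key is constructed.
SERVER_KEY = b"constructed-demo-key"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(header: dict, payload: dict, key: bytes, digest=hashlib.sha256) -> str:
    """Build header.payload.signature; used here only to make sample tokens."""
    signing_input = (b64url(json.dumps(header).encode()) + "."
                     + b64url(json.dumps(payload).encode()))
    tag = hmac.new(key, signing_input.encode(), digest).digest()
    return signing_input + "." + b64url(tag)


def verify_pinned(token: str, key: bytes = SERVER_KEY):
    """Return the payload if the HMAC-SHA256 tag matches, else None.

    The header is covered by the tag but never parsed, so whatever it
    claims about the algorithm has no effect on the outcome.
    """
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(body))
    except (ValueError, TypeError):
        # Wrong number of parts, bad base64, or a payload that is not JSON.
        return None


if __name__ == "__main__":
    claims = {"sub": "alice"}  # constructed sample payload
    print(verify_pinned(sign({"typ": "JWT"}, claims, SERVER_KEY)))        # no alg field
    print(verify_pinned(sign({"alg": "HS512"}, claims, SERVER_KEY,
                             hashlib.sha512)))                           # other algorithm
```

A token with no `alg` field verifies, and one produced with a different algorithm simply fails the check, the same outcome in both cases the comment compares.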