Assuming a JWT implementation accepts only a fixed header (all header fields must be present and match, no additional fields can be present), are there any other issues with "just use jwt"?
I do like using JWT.
But its point is to offer flexibility. If you fix the entire header i.e. use a single signature method, you might just as well concat that signature directly.
In other words if you stop utilizing JWT, you won’t have JWT specific problems.
In other words if you stop utilizing JWT, you won’t have JWT specific problems.