by bebop 752 days ago
I have not seen an authorization server that makes it easy to configure no signing algorithm or even one that might be considered insecure. Most of the client authentication providers I have used (i.e. frameworks) have also forced a secure algorithm, usually starting with RSA 256. So while technically you can use a no-algorithm signer, I have never seen this happen.

The vulnerability is usually in verifiers rather than signers.

See, for example:

https://github.com/firebase/php-jwt/issues/351
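As an added illustration of the verifier-side point in the reply above (example code written here, not from the thread or from the php-jwt project): a minimal HS256 verifier that lets the token's own header choose the algorithm, beside one that pins the algorithms it will accept. The secret and the alg=none regression-test vector are constructed for the demo; only the standard library is used.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"demo-secret-not-for-production"  # constructed demo key

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _encode(header: dict, payload: dict) -> str:
    # header.payload in base64url, as used for both signing and transport
    return f"{_b64url_encode(json.dumps(header).encode())}.{_b64url_encode(json.dumps(payload).encode())}"

def sign_hs256(payload: dict) -> str:
    """Signer side: the algorithm is fixed to HS256, as frameworks typically force."""
    signing_input = _encode({"alg": "HS256", "typ": "JWT"}, payload)
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(mac)}"

def unsigned_test_token(payload: dict) -> str:
    """Constructed regression-test vector: header claims alg=none, empty signature."""
    return _encode({"alg": "none", "typ": "JWT"}, payload) + "."

def _hs256_ok(signing_input: str, sig_b64: str) -> bool:
    expected = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(sig_b64))

def verify_trusting_header(token: str) -> dict:
    """Vulnerable verifier: lets the token's own header pick the algorithm."""
    header_b64, body_b64, sig_b64 = token.split(".")
    alg = json.loads(_b64url_decode(header_b64)).get("alg")
    if alg != "none" and not _hs256_ok(f"{header_b64}.{body_b64}", sig_b64):
        raise ValueError("bad signature")  # alg=none skips this check entirely
    return json.loads(_b64url_decode(body_b64))

def verify_pinned(token: str, allowed=("HS256",)) -> dict:
    """Hardened verifier: the accepted algorithm is chosen by the verifier, not the token."""
    header_b64, body_b64, sig_b64 = token.split(".")
    alg = json.loads(_b64url_decode(header_b64)).get("alg")
    if alg not in allowed:
        raise ValueError(f"algorithm {alg!r} not allowed")
    if not _hs256_ok(f"{header_b64}.{body_b64}", sig_b64):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(body_b64))
```

The signer never produces an unsigned token, yet the first verifier still accepts one; the fix lives entirely in the verifier's allow-list.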