In IETF’s document JSON Web Token Best Current Practices :
That said, if a JWT is cryptographically protected by a transport layer, such as TLS using cryptographically current algorithms, there may be no need to apply another layer of cryptographic protections to the JWT. In such cases, the use of the “none” algorithm can be perfectly acceptable.
But according to https://docs.konghq.com/hub/kong-inc/jwt/, seems only HS256
, HS384
, HS512
, RS256
, and ES256
are supportted.
Is there any way to use none
for encryption?