`none` algorithm for JWT plugin

In IETF’s document JSON Web Token Best Current Practices :

That said, if a JWT is cryptographically protected by a transport layer, such as TLS using cryptographically current algorithms, there may be no need to apply another layer of cryptographic protections to the JWT. In such cases, the use of the “none” algorithm can be perfectly acceptable.

But according to https://docs.konghq.com/hub/kong-inc/jwt/, seems only HS256 , HS384 , HS512 , RS256 , and ES256 are supportted.

Is there any way to use none for encryption?

Sure, that could be added to plugin. Do you want to create issue on Github or propose a PR?

Okay. I’ll try to PR first. Many thanks!


It’s on #4921 now.


© 2018 Kong Inc.    Terms  •  Privacy  •  FAQ