In IETF’s document JSON Web Token Best Current Practices :
That said, if a JWT is cryptographically protected by a transport layer, such as TLS using cryptographically current algorithms, there may be no need to apply another layer of cryptographic protections to the JWT. In such cases, the use of the “none” algorithm can be perfectly acceptable.
But according to https://docs.konghq.com/hub/kong-inc/jwt/, seems only
RS256 , and
ES256 are supportted.
Is there any way to use
none for encryption?