Multiple Algorithms fail

[0xpr03]

Currently it's not possible to allow EC and RS algorithms at once. As this comparison will fail on the first family mismatch, instead of checking for all possibilities. It basically does the reverse to my understanding, it checks if there is any mismatch instead of a match.

Thus this will always fail, whether you send an ECDSA or RSA JWT.

let algorithms = vec![Algorithm::ES256,Algorithm::ES384,Algorithm::RS256,Algorithm::RS384,Algorithm::RS512];
let validation = Validation { sub: Some(String::from("register")), leeway: 5, algorithms, ..Validation::default() };
let key = match reg.keytype {
    KeyType::EC_PEM => DecodingKey::from_ec_pem(reg.key.as_bytes())?,
    KeyType::RSA_PEM => DecodingKey::from_rsa_pem(reg.key.as_bytes())?,
};
let td = decode::<RegisterClaims>(&reg.proof, &key, &validation)?;

[Keats]

Hm I never thought people would use different algorithms in the Validation::algorithms field. This checks was just a quick way to detect errors without actually running anything. It can probably be removed in the next branch

[0xpr03]

Maybe I'm doing it wrong? I probably have a very niche use case. I want to allow clients to register themself using a uuid + private key, allowing for a privacy respecting login without password/mail. Thus I allow something like "send me your uuid + public key, and show me a proof that you can sign a JWT for my uuid+yours".

For now it's not a big problem, as I can just choose not to support anything else than ES.

[Keats]

You can just move the validation + decode call in the match directly. I don't know, I just find it odd to list completely different alg in the same decode