Closed spacedmonkey closed 1 year ago
@Tmeister Any chance of a merge? This is worth a read - https://auth0.com/blog/brute-forcing-hs256-is-possible-the-importance-of-using-strong-keys-to-sign-jwts/ Basically says hs256 is easily crackable. So shouldn't be default value / should be filterable.
@sviluppomania This was approved but not merged..
The JWT library supports a number of different algorithms, which are listed here.
This new filter allows a develop to pick which one to use, for better security.