JWT tokens are signed on a dedicated path (888'/0').
Header for JWT tokens must be exactly {"typ":"JWT","alg":"ES256K"}. I find it a bit restrictive (some wallets may add spaces).
Displaying the hash of the data to sign is not good from a security point of view.
I suggest, if possible, displaying the domain name contained in the JWT token on the device screen. This could be added in a future version.
Sharing a comment from the Ledger team:
This could be a bit problematic as it would probably require a full JSON parser in a device whose memory is very limited.
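An added example, not code from the Ledger app or from this thread: one way to accept the required header when a wallet inserts spaces between JSON tokens, using a fixed buffer and no JSON parser. The names `header_matches` and `jwt_header_ok` and the 64-byte buffer are assumptions; key order must still match, and whitespace inside a string value is rejected.

```c
#include <stdint.h>
#include <string.h>

static const char EXPECTED[] = "{\"typ\":\"JWT\",\"alg\":\"ES256K\"}"; /* header quoted above */

static int b64url_val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '-' ? 62 : c == '_' ? 63 : -1;
}

/* Decode unpadded base64url into out; -1 on bad input or if out is too small. */
static int b64url_decode(const char *in, size_t n, uint8_t *out, size_t cap) {
    uint32_t acc = 0, bits = 0;
    size_t o = 0;
    if (n % 4 == 1) return -1;
    for (size_t i = 0; i < n; i++) {
        int v = b64url_val(in[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        if ((bits += 6) < 8) continue; /* not a full byte yet */
        if (o == cap) return -1;
        out[o++] = (uint8_t)(acc >> (bits -= 8));
    }
    return (int)o;
}

/* 1 if hdr equals EXPECTED after skipping whitespace outside string literals. */
int header_matches(const char *hdr, size_t len) {
    size_t j = 0;
    int in_str = 0;
    for (size_t i = 0; i < len; i++) {
        char c = hdr[i];
        if (!in_str && (c == ' ' || c == '\t' || c == '\r' || c == '\n')) continue;
        if (j >= sizeof EXPECTED - 1 || c != EXPECTED[j]) return 0;
        if (c == '"') in_str = !in_str; /* EXPECTED has no escapes, so this is exact */
        j++;
    }
    return j == sizeof EXPECTED - 1;
}

/* Check the first segment of a compact JWT using a fixed 64-byte buffer. */
int jwt_header_ok(const char *jwt) {
    uint8_t buf[64];
    const char *dot = strchr(jwt, '.');
    int len = dot ? b64url_decode(jwt, (size_t)(dot - jwt), buf, sizeof buf) : -1;
    return len >= 0 && header_matches((const char *)buf, (size_t)len);
}
```

The signature still covers the base64url bytes exactly as the wallet sent them, so this only relaxes the acceptance check and does not change what is signed.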