arun11299 / cpp-jwt

JSON Web Token library for C++
MIT License
387 stars 112 forks

Fix parsing of alg claim to be RFC compliant #58

Closed andrewwiik closed 4 years ago

andrewwiik commented 4 years ago

The alg claim should always be treated as a case-sensitive value according to the RFC spec, which you can find here:

https://tools.ietf.org/html/rfc7515#section-4.1.1

The same RFC spec also says it must be present. If it is empty, it is not present, so it should not be converted to the "none" algo, as the "none" algo is an algorithm and not the absence of one.

Finally, the "none" algorithm as a string should be "none", not "NONE", according to the IANA register for JWS Signature and Encryption Algorithms, which can be found here:

https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
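The three rules in the comment above, as an added example that is not part of this pull request or of cpp-jwt's code: a strict `alg` lookup beside a lenient one that folds case and treats an empty value as "none". All names (`Alg`, `parse_alg_strict`, `parse_alg_lenient`) are hypothetical, the table is a subset of the IANA registry, and the input is assumed to be the already-decoded `alg` header member.

```cpp
#include <algorithm>
#include <array>
#include <cctype>
#include <iostream>
#include <optional>
#include <string>
#include <string_view>

// Hypothetical names throughout; this is not cpp-jwt's API.
enum class Alg { None, HS256, HS384, HS512, RS256, ES256 };
struct AlgName { std::string_view name; Alg alg; };

// Subset of the IANA JOSE algorithm registry, spelled exactly as registered.
const std::array<AlgName, 6> kAlgs{{
    {"none", Alg::None}, {"HS256", Alg::HS256}, {"HS384", Alg::HS384},
    {"HS512", Alg::HS512}, {"RS256", Alg::RS256}, {"ES256", Alg::ES256}}};

// Strict: `value` is the decoded "alg" member, nullopt when it is missing.
// Missing, empty, wrong-case and unknown values are all rejected.
std::optional<Alg> parse_alg_strict(std::optional<std::string_view> value) {
    if (!value || value->empty()) return std::nullopt;  // never defaults to "none"
    for (const auto& e : kAlgs)
        if (e.name == *value) return e.alg;             // byte-exact comparison
    return std::nullopt;
}

static std::string upper(std::string_view s) {
    std::string out(s);
    std::transform(out.begin(), out.end(), out.begin(),
        [](unsigned char c) { return static_cast<char>(std::toupper(c)); });
    return out;
}

// Lenient, for contrast only: folds case and maps missing/empty to None,
// so a header with no usable "alg" selects the unsigned algorithm.
std::optional<Alg> parse_alg_lenient(std::optional<std::string_view> value) {
    if (!value || value->empty()) return Alg::None;
    for (const auto& e : kAlgs)
        if (upper(e.name) == upper(*value)) return e.alg;
    return std::nullopt;
}

int main() {
    for (const char* v : {"HS256", "hs256", "none", "NONE", ""})  // constructed inputs
        std::cout << '"' << v << "\" strict=" << parse_alg_strict(v).has_value()
                  << " lenient=" << parse_alg_lenient(v).has_value() << '\n';
}
```

Only the strict function rejects the empty value; the lenient one returns `Alg::None` for it, which is the conversion the comment argues against.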

arun11299 commented 4 years ago

Thanks!