The more I think about this, the more it looks like there is far too much logic here.
Given that this is what eventual consumers of Signy will also have to implement, I would really like for both sign and verify to be more straightforward.
The complexity is not due to changes introduced by this PR (the actual complexity is the same) - this is more of a TODO before we cut 1.0.
Original comment: