julianlam / nodebb-plugin-session-sharing

Allows login sessions from your app to persist in NodeBB
MIT License

Support RSA and HMAC Signing #31

Open joshughes opened 7 years ago

joshughes commented 7 years ago

http://blog.jedd-ahyoung.com/2015/07/25/using-asymmetric-jwt-on-the-server-and-the-client/

HMAC signing requires a shared key. This presents security issues. Asymmetric encryption means that only the server issuing the JWT payload is able to sign, but using the public key clients can verify the signature.

1) Allow users to pick the Signing Method (HMAC or RSA)
2) Since JWT has the data about what signing method was used, this plugin should be able to use that data to select the right key to verify the signature.

@julianlam
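One way a verifier supporting both methods could look, shown as an added example that is not the plugin's code and not part of the thread. The names `signJwt`, `verifyJwt`, the `config` shape, the keys and the payload are all assumptions made for illustration; the signing method is pinned in configuration and the token's `alg` header is only checked against it.

```javascript
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Hypothetical helper so the example can mint its own constructed tokens.
function signJwt(payload, alg, key) {
  const input = b64u(JSON.stringify({ alg, typ: 'JWT' })) + '.' + b64u(JSON.stringify(payload));
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key); // RS256: RSA PKCS#1 v1.5 + SHA-256
  return input + '.' + b64u(sig);
}

// config (assumed shape): { alg: 'HS256' | 'RS256', key: shared secret or PEM public key }
function verifyJwt(token, config) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // The header is untrusted input: it must match the configured method, not choose it.
  if (header.alg !== config.alg) throw new Error('unexpected alg: ' + header.alg);
  const input = Buffer.from(h + '.' + p);
  const sig = Buffer.from(s, 'base64url');
  let ok;
  if (config.alg === 'HS256') {
    const expected = crypto.createHmac('sha256', config.key).update(input).digest();
    ok = sig.length === expected.length && crypto.timingSafeEqual(sig, expected);
  } else if (config.alg === 'RS256') {
    ok = crypto.verify('sha256', input, config.key, sig);
  } else {
    throw new Error('unsupported alg in config');
  }
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}

// Constructed sample keys, configs and tokens (not real credentials).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const rsaConfig = { alg: 'RS256', key: publicKey.export({ type: 'spki', format: 'pem' }) };
const hmacConfig = { alg: 'HS256', key: 'constructed-shared-secret' };
const rsaToken = signJwt({ id: 1, username: 'alice' }, 'RS256', privateKey);
const hmacToken = signJwt({ id: 1, username: 'alice' }, 'HS256', hmacConfig.key);

console.log(verifyJwt(rsaToken, rsaConfig), verifyJwt(hmacToken, hmacConfig));
```

With this layout the RSA deployment holds only the public key, and a token whose header names a different method than the configured one is rejected before any key is used.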

cosmotek commented 7 months ago

Any updates on this?