Closed CodersBrothers closed 8 years ago
This would be non-standard usage of the JWT. I'm not a security/crypto guy so I'm sticking with the algorithms suggested in RFC 7519.
Additionally, this library uses the package jsonwebtoken to perform verification of JWT and therefore only supports the signing algorithms implemented by that library. If you wish to inject your own verification function you can do so by setting JwtStrategy.JwtVerifier to a new value in lib/strategy.js.
So, is it possible to use bcrypt to avoid the secret hash in the JWT protocol, in order to improve the security?
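For reference, this is what the shared secret does in a standard HS256 token: it keys an HMAC over the header and payload, which the verifier recomputes and compares. The code is an added example using only Node's built-in `crypto` module, not code from this library or from jsonwebtoken; the function names, claims and secret are constructed for illustration.

```javascript
const crypto = require('crypto');

// base64url without padding, as used for all three JWT segments.
function b64url(input) {
  return Buffer.from(input).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// HS256: HMAC-SHA256 keyed with the shared secret over "header.payload".
function hmac(signingInput, secret) {
  return crypto.createHmac('sha256', secret).update(signingInput).digest();
}

function signHs256(payload, secret) {
  const header = { alg: 'HS256', typ: 'JWT' };
  const signingInput =
    b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  return signingInput + '.' + b64url(hmac(signingInput, secret));
}

// Returns the decoded payload, or throws if the token does not verify.
function verifyHs256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;

  let header;
  try {
    // Node's base64 decoder also accepts the URL-safe alphabet.
    header = JSON.parse(Buffer.from(h, 'base64').toString('utf8'));
  } catch (e) {
    throw new Error('malformed header');
  }
  // Pin the algorithm: never let the token choose how it is verified.
  if (!header || header.alg !== 'HS256') throw new Error('unexpected alg');

  const expected = hmac(h + '.' + p, secret);
  const given = Buffer.from(s, 'base64');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(Buffer.from(p, 'base64').toString('utf8'));
}
```

bcrypt is a salted, deliberately slow password-hashing function rather than a keyed MAC over a message, so it does not slot into this sign-then-recompute check.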