Discussion on: Signing and Validating JSON Web Tokens (JWT) For Everyone

kimmaida profile image
Kim Maida Author

Great note, thanks Josh! I will update the article to reflect this. And that's generally done by the SDK / library you'd be using to validate, yes?

joshcanhelp profile image
Josh Cunningham

Generally, yes. You should be able to tell that library “hey, I only want to validate RS256 tokens” and the library should reject everything else.