Wayne
Wayne
I don't use `x5u` personally, I'm not sure about the best practice. - Use `kid` or some claim to specify a `.pem` file? - Accept multiple certs file or single...
Hmm... I don't like the idea of **dropping all header** personally. It's not **proper** RFC JWT when you eliminate headers. But I think I can put `raw_payload` into the `jwtObj`...
I have only little bit experience on openssl under ms windows, I am not much help. I'm digging into it right now... lead the way, great @fermaem
Good idea! I definitely will do this!
- We didn't implement the `none` algorithm. - You can use `set_alg_whitelist` function to pin one or some signing algorithms.
What do you mean by `Organisation support`? Could you provide me more detail about that?