auth0 / java-jwt

Java implementation of JSON Web Token (JWT)

Validating token without the need of an Algorithm

BigBallard opened this issue · comments

At this time it does not seem that I can use the JWTVerifier to validate a token without requiring an Algorithm to do so. This seems odd since we can decode the tokens without an Algorithm, and we would essentially have to implement that logic ourselves with the JWTVerifier interface, with the same logic as the impl provided. But is this really what we would have to do to have a verifier that does not require an algorithm?

@DallasP9124 verifying a JWT without an algorithm is not recommended, as it could be tampered with. For this reason, we have made Algorithm mandatory for verification.

One provision we have but do not recommend is Algorithm.none(), since this is also an insecure way of verifying a JWT. So at this point, we would recommend having the public key in your application to verify the JWT.

Hope this answers your question. We will close this issue for now but feel free to reopen it if you have more doubts.
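The distinction the maintainer draws above (decoding a token versus verifying it with a key-bound Algorithm) is easy to see in code. The following is an added example written for this page, not code from the java-jwt project or from either participant. It uses the public java-jwt 3.x API (`JWT.decode`, `JWT.require(...)`, `Algorithm.RSA256(publicKey, privateKey)`, `Algorithm.none()`) together with a freshly generated RSA key pair; the issuer URL, subject names and the forged payload are constructed values for the demonstration. It shows that `JWT.decode` accepts a tampered payload and an `alg: none` token without complaint, while a verifier built from `Algorithm.RSA256(publicKey, null)` (public key only, as the maintainer recommends) rejects both.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;

public class DecodeVersusVerifyExample {

    // Constructed issuer value for the demo; a real deployment uses its own issuer identifier.
    static final String ISSUER = "https://issuer.example";

    // Decode only: parses header and payload, checks no signature and no claim.
    // Any syntactically well-formed token "succeeds" here, including forged ones.
    static String subjectWithoutVerification(String token) {
        DecodedJWT jwt = JWT.decode(token);
        return jwt.getSubject();
    }

    // Verify: the verifier is bound to RS256 and this public key. The private key is
    // not needed on the consuming side, so it is passed as null.
    static DecodedJWT verifyWithPublicKey(RSAPublicKey publicKey, String token) {
        JWTVerifier verifier = JWT.require(Algorithm.RSA256(publicKey, null))
                .withIssuer(ISSUER)
                .build();
        return verifier.verify(token); // throws JWTVerificationException on any failure
    }

    // Reports the outcome of a verification attempt instead of letting the exception escape.
    static String describeVerification(RSAPublicKey publicKey, String label, String token) {
        try {
            DecodedJWT jwt = verifyWithPublicKey(publicKey, token);
            return label + ": accepted, subject=" + jwt.getSubject();
        } catch (JWTVerificationException e) {
            // AlgorithmMismatchException and SignatureVerificationException both land here.
            return label + ": rejected (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")";
        }
    }

    static String b64url(String json) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        RSAPrivateKey priv = (RSAPrivateKey) kp.getPrivate();

        // Issuer side: sign with the private key.
        String genuine = JWT.create()
                .withIssuer(ISSUER)
                .withSubject("alice")
                .sign(Algorithm.RSA256(null, priv));

        // Constructed attack inputs for the demo (no real issuer produced these):
        // 1. same header and signature, but a swapped payload claiming a different subject
        String[] parts = genuine.split("\\.");
        String tampered = parts[0] + "." + b64url("{\"iss\":\"" + ISSUER + "\",\"sub\":\"admin\"}") + "." + parts[2];
        // 2. an "alg: none" token built with the library's own Algorithm.none()
        String unsigned = JWT.create().withIssuer(ISSUER).withSubject("admin").sign(Algorithm.none());

        // decode() happily returns the forged subjects: it proves nothing about origin.
        System.out.println("decode-only tampered subject: " + subjectWithoutVerification(tampered));
        System.out.println("decode-only alg=none subject: " + subjectWithoutVerification(unsigned));

        // A key-bound verifier accepts only the genuinely signed token.
        System.out.println(describeVerification(pub, "genuine", genuine));
        System.out.println(describeVerification(pub, "tampered", tampered));
        System.out.println(describeVerification(pub, "alg=none", unsigned));
    }
}
```

The verifier never consults the token's own header to decide how to check it: because it was constructed with `Algorithm.RSA256`, a token whose header says `none` fails with an algorithm mismatch before any signature work, and a token with an RS256 header but an altered payload fails signature verification. That is the property lost if verification were allowed without an Algorithm, which is why keeping the issuer's public key in the consuming application is the recommended setup.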