It has been 10 days since the last alg:none JWT vulnerability.
The pac4j authentication framework would accept unsigned session tokens for admins & superusers, as long as they were encrypted with the public RSA key.
The pac4j authentication framework would accept unsigned session tokens for admins & superusers, as long as they were encrypted with the public RSA key.