Limitations

This topic describes some limitations of the JSON Web Tokens (JWT) implementation.

JWTs can only be signed using the RSA and ECDSA algorithms. The HMAC signing algorithm is not supported. The algorithm used in the signing process is determined automatically based on the algorithm of the signing key.

Parent topic: JSON Web Tokens in HTTP Headers