Document why none is not supported

Local-Data-Exchange · Nov 7, 2022 · aaccee1 · aaccee1
1 parent dfb0e6b
commit aaccee1
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/docs/supported-algorithms.md b/docs/supported-algorithms.md
@@ -36,4 +36,10 @@ They're usually recommended for scenarios where creation is handled by a compone
 | `RS512` | RSASSA-PKCS1-v1_5 using SHA-512 | `\Lcobucci\JWT\Signer\Rsa\Sha512`   | `>= 2048 bits`  |
 | `EdDSA` | EdDSA signature algorithms      | `\Lcobucci\JWT\Signer\Eddsa`        | `>= 256 bits`   |
 
+## `none` algorithm
+
+The `none` algorithm as described by [JWT standard] is intentionally not implemented and not supported.
+The risk of misusing it is too high, and even where other means guarantee the token validity a symmetric algorithm
+shouldn't represent a computational bottleneck with modern hardware.
+
 [JWT standard]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms