+ Which signing algorithm to use.
Leave this
+ alone unless you see errors that look like
+ "unexpected JWT alg received, expected RS256, got:
+ RS512" in your logs.
+