dicts are not ordered in python < 3.7

I do not see much sense in adding backwards compatibility at the expense
of current versions (like adding OrderedDict support), so just avoid the
issue in the test case and add a note to the documentation.

docs/index.md

@@ -195,7 +195,9 @@ Can be a scalar, a list or a dict.
 
 For a scalar, this secret is used for signing and verification.
 
-For a list or dict, the first element/value is used for signing.
+For a list or dict, the first element/value is used for
+signing. *NOTE: In python < 3.7 it is undefined which value from a
+dict is used for signing.*
 
 (The first) `JWT_SECRET_KEY` is only used for signing if (the first) `JWT_ALGORITHM` is `HS*`, otherwise `JWT_PRIVATE_KEY` is used.
 

tests/views/test_authentication.py

@@ -15,6 +15,8 @@
 from rest_framework_jwt.compat import has_set_cookie_samesite
 from rest_framework_jwt.settings import api_settings
 
+from sys import version_info
+
 try:
     from cryptography.hazmat.backends import default_backend
     from cryptography.hazmat.primitives.asymmetric import rsa
@@ -275,10 +277,12 @@ def test_kid(
         api_settings, "JWT_PUBLIC_KEY",
         { "rsa1": prsa1, "rsa2": prsa2 }
     )
-    monkeypatch.setattr(
-        api_settings, "JWT_SECRET_KEY",
-        { "hash1": "one", "hash2": "two" }
-    )
+
+    sk = { "hash1": "one", "hash2": "two" }
+    # dicts are not ordered in python < 3.7
+    if version_info < (3, 7):
+        sk = { "hash1": "one" }
+    monkeypatch.setattr(api_settings, "JWT_SECRET_KEY", sk)
 
     for kid, algo in {"hash1": ["HS256", "RS256"], "rsa1": ["RS256", "HS256"]}.items():
         monkeypatch.setattr(api_settings, "JWT_ALGORITHM", algo)