Python dict keys are in an undefined order, which means json.dumps() doesn't reliably produce the same string. So in JWT, it's best to verify the input JSON, rather than decoding it, re-encoding it, and verifying it. Otherwise you get spurious verification failures.
PKCS #1.5 added in 2.5. SHA384 & SHA512 added in 2.4.
…sued.info/docs/draft-ietf-jose-json-web-algorithms-11.html#DefiningPSS) Using salt len = hash len as per http://www.ietf.org/mail-archive/web/jose/current/msg02901.html Tests added but I've not touched the README
only from python jsonables