JWS unsigned alg should be read out of the JOSE header if available

[alexparlett]

unsign requires you to know the alg before unsigning a JWS, however if you publish keys with different algorithms or you are not in control of the signing of a JWS you might not know the algorithm.

It should use the alg field from the JOSE header and only default to :hs256 if it is not present in opts or the header.

https://tools.ietf.org/html/rfc7515#section-4.1.1

[alexparlett]

This is solved by https://github.com/funcool/buddy-sign/pull/78/files can we get it looked at asap?

[shilder]

I like to control algorithms that are allowed for verification to avoid all kind of complications described in this article: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/

[alexparlett]

Our use case doesnt have that choice, we need to unsign a JWS that is signed by a third party who provide a JWKS per customer and whose algorithm selection is out of our control.

This isnt used for authn/authz but for some reason the third party spec defines that a claim inside a JWS (this is signed by our alg/key) is also encrypted as a JWS and we need validate and perform analysis on it.