Do basic checks on libraries before adding them to the libraries list #98

@jurriaan

I've looked at multiple libraries that all claimed to support ECDSA signing but didn't implement the RFC correctly.

I think you should require libraries to include some proof that they implemented the RFCs correctly before being accepted in the JWT library list.

For example, they could link to some tests/code example which uses the test vectors mentioned in RFC 7520.

Most of the libraries I've seen only test their verification implementation against their own signing implementation. This is a bad practice. They should at least test against the RFC 7520 examples to prove they've implemented signing and verification correctly.
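The difference between a round-trip test and a known-answer test, as an added example that is not part of the original issue or of any listed library. To stay within the Python standard library it uses HS256 and the published vector from RFC 7515 Appendix A.1 rather than ECDSA and RFC 7520; `sign_buggy` is a hypothetical defect and the round-trip inputs are constructed.

```python
import base64
import hashlib
import hmac

# Published HS256 vector from RFC 7515, Appendix A.1.
RFC_KEY = ("AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
           "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow")
RFC_SIGNING_INPUT = (
    "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9."
    "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
    "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
)
RFC_SIGNATURE = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def sign_correct(key_b64, signing_input):
    # HMAC-SHA256 over the ASCII signing input, keyed with the decoded octets.
    key = b64url_decode(key_b64)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256)
    return b64url_encode(mac.digest())

def sign_buggy(key_b64, signing_input):
    # Hypothetical defect: the base64url text of the key is used undecoded.
    key = key_b64.encode("ascii")
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256)
    return b64url_encode(mac.digest())

def verify(sign, key_b64, signing_input, signature):
    # Verification built on the same implementation's signing routine.
    return hmac.compare_digest(sign(key_b64, signing_input), signature)

def round_trip_passes(sign):
    # The implementation only checks its own output (constructed inputs).
    key = b64url_encode(b"constructed-key-0123456789abcdef")
    msg = b64url_encode(b'{"alg":"HS256"}') + "." + b64url_encode(b'{"sub":"x"}')
    return verify(sign, key, msg, sign(key, msg))

def known_answer_passes(sign):
    # The implementation must accept a signature it did not produce.
    return verify(sign, RFC_KEY, RFC_SIGNING_INPUT, RFC_SIGNATURE)

if __name__ == "__main__":
    for name, impl in (("correct", sign_correct), ("buggy", sign_buggy)):
        print(name, "round-trip:", round_trip_passes(impl),
              "known-answer:", known_answer_passes(impl))
```

The buggy implementation is self-consistent, so only the known-answer check exposes it.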
