[*] role=fixed [*] create consumer jack-rs (RS256): 201 [*] create consumer jack-ec (ES256): 201 [*] create consumer jack-ed (EdDSA): 201 [*] create route jwt-auth: 201 [*] no-jwt control: 401 (expect 401) [*] RS256 forged HS256 -> 401 [REJECTED] body={"message":"failed to verify jwt"} [*] ES256 forged HS256 -> 401 [REJECTED] body={"message":"failed to verify jwt"} [*] EdDSA forged HS256 -> 401 [REJECTED] body={"message":"failed to verify jwt"} [+] FIXED: all forged HS256 tokens rejected (401) -> fix covers RS256/ES256/EdDSA