Closed
Description
Hi,
When I upgraded from v1.5.6 to v2.2.1, I found that the 'none' algorithm behaves differently.
In v1.5.6, even when using 'none', the exp claim would be verified, but in v2.2.1 it isn't.
The script:

```ruby
require 'jwt'

# exp is 5 seconds in the past
payload = { 'exp' => (Time.now.to_i - 5) }
id_token = JWT.encode(payload, nil, 'none')
JWT.decode(id_token, nil, false)
```
The output:

- v1.5.6:

```
=> JWT::ExpiredSignature: Signature has expired
```

- v2.2.1:

```
=> [{"exp"=>1561080813}, {"alg"=>"none"}]
```
And I found that commit 67f4a5a changed the behavior.
I want to make sure: when using the none alg (no signature), should the claims verification be ignored?
Thank you!
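Added example, not part of the original issue and not ruby-jwt code: using only the Ruby standard library, it parses an unsigned token like the one in the script above and enforces `exp` as a separate step, so the expiry check does not depend on whether the decoder was asked to verify. The helper names (`unsecured_jwt`, `parse_unverified`, `check_exp!`) and the error classes are hypothetical.

```ruby
require 'base64'
require 'json'

# Hypothetical helpers for illustration; standard library only, no jwt gem.
class ExpiredClaim < StandardError; end
class MalformedToken < StandardError; end

# Build an unsecured JWT (alg "none", empty signature segment) as demo input.
def unsecured_jwt(payload)
  segments = [{ 'alg' => 'none' }, payload].map do |part|
    Base64.urlsafe_encode64(JSON.generate(part), padding: false)
  end
  segments.join('.') + '.'
end

# Decode header and payload WITHOUT checking any signature.
def parse_unverified(token)
  parts = token.split('.', -1)
  raise MalformedToken, 'expected three segments' unless parts.length == 3
  header, payload = parts.first(2).map { |seg| JSON.parse(Base64.urlsafe_decode64(seg)) }
  raise MalformedToken, 'payload must be a JSON object' unless payload.is_a?(Hash)
  [payload, header]
rescue ArgumentError, JSON::ParserError => e
  raise MalformedToken, e.message
end

# Enforce exp on a decoded payload, independent of how it was decoded.
# Per RFC 7519 the current time must be before exp (plus optional leeway).
def check_exp!(payload, now: Time.now.to_i, leeway: 0)
  return payload unless payload.key?('exp')
  exp = payload['exp']
  raise MalformedToken, 'exp must be numeric' unless exp.is_a?(Numeric)
  raise ExpiredClaim, 'exp claim is in the past' if now >= exp + leeway
  payload
end

if __FILE__ == $PROGRAM_NAME
  token = unsecured_jwt('exp' => Time.now.to_i - 5) # constructed sample token
  payload, header = parse_unverified(token)
  puts "decoded without verification: #{payload} #{header}"
  begin
    check_exp!(payload)
  rescue ExpiredClaim => e
    puts "rejected: #{e.message}"
  end
end
```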