Now JWT_LOADER takes the alg as argument, to avoid security issue where the lib is taking alg from the header (which may be a bad security weakness).

library/security/jwt/src/errors/jwt_mismatched_alg_error.e

@@ -0,0 +1,36 @@
+note
+	description: "Summary description for {JWT_MISMATCHED_ALG_ERROR}."
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	JWT_MISMATCHED_ALG_ERROR
+
+inherit
+	JWT_ERROR
+
+create
+	make
+
+feature {NONE} -- Initialization
+
+	make (a_alg, a_header_alg: READABLE_STRING_8)
+		do
+			alg := a_alg
+			header_alg := a_header_alg
+		end
+
+feature -- Access
+
+	alg: READABLE_STRING_8
+
+	header_alg: READABLE_STRING_8
+
+	id: STRING = "ALG_MISMATCH"
+
+	message: READABLE_STRING_8
+		do
+			Result := "Header alg [" + header_alg + "] does not match given alg [" + alg + "]!"
+		end
+
+end

library/security/jwt/src/jwt.e

@@ -118,6 +118,11 @@ feature {JWT_UTILITIES} -- Error reporting
 			l_errors.extend (err)
 		end
 
+	report_mismatched_alg_error (alg, a_header_alg: READABLE_STRING_8)
+		do
+			report_error (create {JWT_MISMATCHED_ALG_ERROR}.make (alg, a_header_alg))
+		end
+
 	report_unsupported_alg_error (alg: READABLE_STRING_8)
 		do
 			report_error (create {JWT_UNSUPPORTED_ALG_ERROR}.make (alg))

library/security/jwt/src/jwt_loader.e

@@ -1,8 +1,8 @@
 note
-	description: "Summary description for {JWT_LOADER}."
-	author: ""
+	description: "Loader and verifier to JWT token."
 	date: "$Date$"
 	revision: "$Revision$"
+	EIS: "name=Known Critical vulnerabilities in JWT libs", "protocol=URI", "src=https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/"
 
 class
 	JWT_LOADER
@@ -12,9 +12,13 @@ inherit
 
 feature -- Access
 
-	token (a_token_input: READABLE_STRING_8; a_secret: READABLE_STRING_8; ctx: detachable JWT_CONTEXT): detachable JWT
-			-- Decoded token from `a_token_input` given the secret `a_secret`, and optional context `ctx`
+	token (a_token_input: READABLE_STRING_8; a_alg: detachable READABLE_STRING_8; a_verification_key: READABLE_STRING_8; ctx: detachable JWT_CONTEXT): detachable JWT
+			-- Decoded token from `a_token_input` given the verification key `a_verification_key` and optional (but recommended) signature algorithm `a_alg`, and optional context `ctx`
 			-- used to specify eventual issuer and various parameters.
+			-- WARNING: passing Void for `a_alg` is not safe, as the server should know which alg he used for tokens,
+			-- 			leaving the possibility to use the header alg is dangerous as client may use "none" and then bypass verification!
+		require
+			a_valid_alg: a_alg /= Void implies is_supporting_signature_algorithm (a_alg)
 		local
 			jws: JWS
 			i,j,n: INTEGER
@@ -29,20 +33,27 @@ feature -- Access
 					l_enc_payload := a_token_input.substring (i + 1, j - 1)
 					l_signature := a_token_input.substring (j + 1, n)
 					create jws.make_with_json_payload (base64url_decode (l_enc_payload))
-
 					alg := signature_algorithm_from_encoded_header (l_enc_header)
-					jws.set_algorithm (alg)
-					if alg = Void then
-							-- Use default
-						alg := alg_hs256
+					if a_alg /= Void then
+						if alg /= Void and then not alg.is_case_insensitive_equal_general (a_alg) then
+							jws.report_mismatched_alg_error (a_alg, alg)
+						else
+							alg := a_alg
+						end
+					else
+						if alg = Void then
+								-- Use default
+							alg := alg_hs256
+						end
 					end
+					jws.set_algorithm (alg)
 					check alg_set: alg /= Void end
 					if ctx = Void or else not ctx.validation_ignored then
 						if not is_supporting_signature_algorithm (alg) then
 							jws.report_unsupported_alg_error (alg)
 							alg := alg_hs256
 						end
-						if not l_signature.same_string (signature (l_enc_header, l_enc_payload, a_secret, alg)) then
+						if not l_signature.same_string (signature (l_enc_header, l_enc_payload, a_verification_key, alg)) then
 							jws.report_unverified_token_error
 						end
 						if