Short secrets using HS256 blocks token generation

[rtamarindo]

It doesn't generates a JWT when the secret is not compliant with the RFC for not having the minimum length for instance. So can not use jwt.io to debug an application with a non-compliant JWT secret because it simply doesn't generates the token.

I think it could only raise a warning instead of blocking it completely.

[HenryzhaoH]

Totally agreed. Nobody will use jwt.io for production. As for debugging and testing purposes, setting these limitations for "security reason" is completely unnecessary and unwanted.
Further more, when using JWT Decoder with the same key and settings, it works as normal and not event raise a warning.

[utkusen]

this!

[combatsasality]

up

[keithdanielll]

up !

[cTxplorer]

This feature rollout is being controlled via a cookie named ab-variant.

For the older UI, update the ab-variant cookie value to control. For new UI, either delete the cookie or set its value to variant.