Expand JWT tests for edge cases across HS256, RS256, and ES256 #10
Description
Problem
JWT support is security-sensitive, and current coverage should be stronger around edge cases such as invalid claims, algorithm mismatches, and malformed tokens.
Proposed change
Add focused tests for failure scenarios across supported JWT validation modes, including claim validation and signature mismatch cases.
Why this belongs here
JWT validation is implemented inside this codebase. Its behavior must be verified here rather than delegated to downstream users.
Alternatives considered
- Rely on existing happy-path tests only.
This is too weak for security-related code. - Document edge cases without tests.
Documentation does not protect against regressions.
Compatibility impact
No intended behavior change. Test coverage only, unless tests expose bugs that require fixes.