我有水疗申请。每个客户端请求都包含一个从google https://developers.google.com/identity/protocols/OpenIDConnect检索的Authorization: Bearer <access_token>（google创建JWT令牌）

当用@jwt_required验证端点（顺便说一下graphQL端点）时，我得到了错误The specified alg value is not allowed

我尝试将configuration options调整为状态here，但运气不佳。（基本上是将JWT_ALGORITHM或JWT_PUBLIC_KEY设置为RS256，然后我得到JWT_PUBLIC_KEY must be set to use asymmetric cryptography algorithm "RS256"或Could not deserialize key data.

以下是JWT谷歌形状：

标题：

  "alg": "RS256",
  "kid": "",
  "typ": "JWT"
}

正文：

{
  "iss": "https://accounts.google.com",
  "azp": "some.apps.googleusercontent.com",
  "aud": "some.apps.googleusercontent.com",
  "sub": "some_uuid",
  "email": "email@test.com",
  "email_verified": true,
  "at_hash": "",
  "name": "use_full_name",
  "picture": "https://lh3.googleusercontent.com/a-/some",
  "given_name": "user_name",
  "family_name": "last_name",
  "locale": "en",
  "iat": 1572189191,
  "exp": 1572192791
}

感谢您的帮助！（继续努力）