allowUnsecured
Configures whether tokens with alg=none (unsecured JWTs) are accepted.
Unsecured tokens carry no signature and are rejected by default. Pass true only when the token source is fully trusted and signature validation is intentionally not required (RFC 7515 §6). Passing false re-enables signature verification if noVerify had previously disabled it.
Return
this builder for chaining
Parameters
allow
true to permit alg=none tokens; false to reject them (the default)