Added algorithm option to jwt policy

lib/policies/jwt/index.js

@@ -38,6 +38,10 @@ module.exports = {
         type: 'boolean',
         default: true,
         description: 'Value istructing the gateway whether verify the sub against the internal SOC'
+      },
+      algorithms: {
+        type: 'array',
+        description: 'If defined, limits valid jwts to specified algorithms'
       }
     },
     required: ['jwtExtractor', 'checkCredentialExistence'],

lib/policies/jwt/jwt.js

@@ -14,7 +14,8 @@ module.exports = function (params) {
     secretOrKey,
     jwtFromRequest: extractor,
     audience: params.audience,
-    issuer: params.issuer
+    issuer: params.issuer,
+    algorithms: params.algorithms
   }, (jwtPayload, done) => {
     if (!jwtPayload) {
       return done(null, false);