Design goals from first principles:
- JWS holds only parsed structure (header, payload, sig) — no Claims
interface, no Verified flag. Removes footguns from the simpler packages.
- Issuer owns key management and verification. Verify does key lookup by
kid, sig verification, and iss claim check — in that order, so sig is
always authenticated before any payload data is trusted.
- ValidateParams is a stable config object with Validate(StandardClaims,
time.Time) as a method. Time is passed at the call site, not stored in
the params struct, so the same config object can be reused across requests.
- UnmarshalClaims(v any) accepts any type — no Claims interface to
implement. Custom validation is a plain function call, not a method
satisfying an interface.
- Sign uses crypto.Signer, supporting ES256/ES384/ES512 (ECDSA), RS256
(RSA PKCS#1 v1.5), and EdDSA (Ed25519, RFC 8037).
- PublicJWK uses crypto.PublicKey (not generics) since JWKS returns
heterogeneous key types at runtime. Typed accessors ECDSA(), RSA(), and
EdDSA() replace TypedKeys[K] filtering.
- JWKS parsing handles kty: "EC", "RSA", and "OKP" (Ed25519).
10 tests: ES256/RS256/EdDSA round trips, custom validation, wrong key,
unknown kid, iss mismatch, tampered alg, PublicJWK accessors, JWKS JSON.
