i know, it's not optimal, but it would simplify verification for systems, that already support jwt verification