Description
The 'invalid algorithm' generated from https://github.com/auth0/node-jsonwebtoken/blob/master/verify.js#L121 is not documented, so when users of the library encounter it they may need to look at the source code. (Seeing https://github.com/auth0/node-jsonwebtoken#errors--codes gave me the impression that all errors messages would be documented there)
Since it looks like other Errors are documented, I think this error should also be documented for completeness.
Additionally, the default behavior when no algorithm is provided in the options doesn't seem to be documented. This has caused issues for others before who have opened issues.
Related to this, From https://github.com/auth0/node-jsonwebtoken/blob/master/verify.js#L114 with the current logic if the key contains BEGIN CERTIFICATE or BEGIN PUBLIC KEY, the default algorithms option's array is set to ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512'] ..
Is this expected behaviour? Do both of them imply the same set of algorithms? [If the code were to change it would be great to make the precedence of the || explicit, i.e. add parenthesis around it. Even better would be to replace it with a switch and avoid nested ternaries.)