Multiple JWT signers not working as expected #147

Open
Samsv77 opened this issue Jun 23, 2023 · 1 comment
Labels
bug Something isn't working

Samsv77 commented Jun 23, 2023

Describe the bug

I am building an app that accepts 2 different JWTs for authentication, 1 that is generated by the app itself, 1 that is generated by an external entity.
As a result I am using 2 signers:

```swift
app.jwt.signers.use(.hs256(key: authSecret))    // For local app auth
try app.jwt.signers.use(.es256(key: .public(pem: ecdsaPublicKey)))   // For external entity JWT auth
```

Per Vapor doc it should work, my app should accept either JWT and authenticate.
But in reality it is only using the 1st signer, or whichever is set to default. If the 1st signer fails to validate the JWT, authentication fails with the error: signature verification failed
If I declare the ECDSA signer 1st, I can only validate JWTs with this signer, other JWTs will fail with the error signature verification failed

Is it a bug or expected behavior?
If expected behavior, how can I accept 2 different JWTs?

Note: I also tried with kid, but this expects the external entity to generate a JWT with the kid as well.

Expected behavior

Vapor should loop through the signers and verify the JWT.
Authentication should succeed if any of the signers is able to verify the JWT, and fail only if none of the signers can verify.

Environment

  • Vapor Framework version: 4.67.3 - 4.77.0
  • JWT version: 4.2.1
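
Because the two tokens described above use different algorithms, one way to accept both without a `kid` is to choose the signer from the token's `alg` header and reject everything else, which also keeps each key pinned to its own algorithm. This is an added example, not code from the issue or from Vapor; it assumes the JWTKit 4 `JWTSigner` API, and `ExamplePayload`, `PinnedVerifier` and `TokenRoutingError` are hypothetical names.

```swift
import Foundation
import JWTKit

// Hypothetical payload for this example; use your own claims type.
struct ExamplePayload: JWTPayload {
    var sub: SubjectClaim
    var exp: ExpirationClaim
    func verify(using signer: JWTSigner) throws { try exp.verifyNotExpired() }
}

enum TokenRoutingError: Error { case malformed, unsupportedAlgorithm(String) }

/// One signer per accepted algorithm. The key is chosen from the token's
/// `alg` header, so an HS256 token is never checked against the ES256 key
/// and any other algorithm is rejected before signature verification.
struct PinnedVerifier {
    private struct Header: Decodable { let alg: String }
    private let signers: [String: JWTSigner]

    init(authSecret: String, ecdsaPublicKey: String) throws {
        let externalKey = try ECDSAKey.public(pem: ecdsaPublicKey)
        signers = ["HS256": .hs256(key: authSecret),    // tokens issued by the app
                   "ES256": .es256(key: externalKey)]   // tokens from the external entity
    }

    /// Reads `alg` from the still-unverified header; used only for routing.
    static func algorithm(of token: String) throws -> String {
        let parts = token.split(separator: ".", omittingEmptySubsequences: false)
        guard parts.count == 3 else { throw TokenRoutingError.malformed }
        var b64 = parts[0].replacingOccurrences(of: "-", with: "+")
                          .replacingOccurrences(of: "_", with: "/")
        b64 += String(repeating: "=", count: (4 - b64.count % 4) % 4)
        guard let data = Data(base64Encoded: b64),
              let header = try? JSONDecoder().decode(Header.self, from: data)
        else { throw TokenRoutingError.malformed }
        return header.alg
    }

    func verify(_ token: String) throws -> ExamplePayload {
        let alg = try Self.algorithm(of: token)
        guard let signer = signers[alg] else {
            throw TokenRoutingError.unsupportedAlgorithm(alg)
        }
        // Throws if the signature does not match the key pinned to this algorithm.
        return try signer.verify(token, as: ExamplePayload.self)
    }
}
```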

0xTim (Member) commented Feb 21, 2024

@ptoffy something to check - don't need to wait on the beta for it but we should check before the 5.0 actual release
