
Is the RS256 implementation complete/correct?

Open buhman opened this issue 6 years ago • 0 comments

It looks like validateEncodedJwtWithEncodedSecret calls encodedSignature which ends up calling j.s.Signature.sign; this value is compared literally with the input signature value. This does not match the description of RS256 from the JWA spec:

Submit the JWS Signing Input, the JWS Signature, and the public key corresponding to the private key used by the signer to the RSASSA-PKCS1-V1_5-VERIFY algorithm using SHA-256 as the hash function.

I believe RSASSA-PKCS1-V1_5-VERIFY here corresponds to j.s.Signature.verify. The corresponding test that came with #14 should also be updated to use the public key part for verification.

buhman avatar Aug 12 '17 03:08 buhman