in the jwt auth feature, what would be the best way to handle tokens that might have different issuers intermittently?