The big problem was that JWTs specify the signature algorithm alongside the signature. Some naive implementations allowed all supported algorithms by default... one of which is "none". So an attacker was able to create a key with no signature and the application would accept it. I think nowadays all implementations require you to specifically whitelist the allowed algorithms.
But yeah, JWTs (technically JWS) overlaps with ItsDangerous, but ItsDangerous is much simpler and has fewer footguns.
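The algorithm-confusion issue above, as an added illustration (not from the comment author or any JWT library): a naive HS256 verifier that trusts the header's `alg` field next to one that checks the header against an allowlist chosen by the application. The secret, claims and the `alg: none` test token are constructed for this example; the "none" acceptance branch exists only to show what the old behaviour looked like and is what the allowlisted verifier removes.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"constructed-demo-secret"  # constructed for this example only

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a legitimate HS256 JWS: header.payload.HMAC(header.payload)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_naive(token: str, key: bytes) -> Optional[dict]:
    """Old-style verifier: lets the token's own header pick the algorithm."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(payload_b64))  # unsigned token accepted
    if header.get("alg") == "HS256":
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return json.loads(b64url_decode(payload_b64))
    return None

def verify_allowlisted(token: str, key: bytes, allowed=("HS256",)) -> Optional[dict]:
    """Hardened verifier: the application, not the token, decides which algorithms count.
    This demo only implements HS256, so the allowlist must stay within that."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") not in allowed:
        return None  # "none" (or anything unexpected) is rejected before any crypto runs
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))

def unsigned_test_token(claims: dict) -> str:
    """Constructed test vector: alg=none header and an empty signature segment."""
    header = b64url_encode(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64url_encode(json.dumps(claims).encode())}."
```

The test vector from `unsigned_test_token` passes `verify_naive` and fails `verify_allowlisted`, which is the whole difference the comment describes.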