Has anyone tried to send a JWT token with the fields in a different order (e.g. a long key first and key ID and algorithm behind) and see how many implementations will break?

there are better things to do, like send json that has "alg" twice, each different (one of them "none" ideally) and different implementations handle it differently