From a cursory read from the specs [1] I can see the following (Chapter 7.2):
> Finally, note that it is an application decision which algorithms may
> be used in a given context. Even if a JWT can be successfully
> validated, unless the algorithms used in the JWT are acceptable to
> the application, it SHOULD reject the JWT.
From what I understand from the above, the server side can decide to _always_ reject the "none" algorithm and still qualify as a valid implementation. The fact that the "none" algorithm is implemented or not by the library becomes a detail.
> Finally, note that it is an application decision which algorithms may
> be used in a given context. Even if a JWT can be successfully
> validated, unless the algorithms used in the JWT are acceptable to
> the application, it SHOULD reject the JWT.
From what I understand from the above, the server side can decide to _always_ reject the "none" algorithm and still qualify as a valid implementation. The fact that the "none" algorithm is implemented or not by the library becomes a detail.
[1] https://tools.ietf.org/html/rfc7519