Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow jwt decode without passing a key #103

Open
CruseCtrl opened this issue Apr 12, 2022 · 1 comment
Open

Allow jwt decode without passing a key #103

CruseCtrl opened this issue Apr 12, 2022 · 1 comment

Comments

@CruseCtrl
Copy link

When using decode with noVerify, there's no point in passing the key because it's not going to be used. It would make sense if you could call decode(token) without passing a key, and it would decode the token without trying to verify it.

At the moment I have to do something like decode(token, 'dummy_key', true), which is a lot more verbose
@DevBrent
Copy link

This is a bad idea. By default, decode should always verify in order to reduce the chance of incorrectly believing the request is verified. You can also pass undefined as your key for this case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DevBrent @CruseCtrl