Skip to content

Conversation

dsykes16
Copy link
Contributor

@dsykes16 dsykes16 commented Oct 7, 2025

Add jsonwebtoken::dangerous::insecure_decode to support decoding headers and claims with no signature validation.

This should fulfill #401 and also provides a solution for #438

Add `jsonwebtoken::dangerous::insecure_decode` to support decoding
headers and claims with no signature validation.
Copy link
Owner

@Keats Keats left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Keats
Copy link
Owner

Keats commented Oct 8, 2025

looks like we need to update the tests or allow deprecations

@dsykes16 dsykes16 force-pushed the add-dangerous-decode branch from cf213d9 to c592679 Compare October 8, 2025 14:51
Add deprecated attribute to
`Validation::insecure_disable_signature_validation`
@dsykes16 dsykes16 force-pushed the add-dangerous-decode branch from c592679 to d1b40bd Compare October 9, 2025 07:45
@Keats Keats merged commit fbcfd39 into Keats:master Oct 9, 2025
10 checks passed
@Turbo87
Copy link

Turbo87 commented Oct 14, 2025

thank you @dsykes16! this is exactly what we need for the Trusted Publishing implementation in crates.io :D

@Keats it looks like this PR has not been released yet. can we help in any way to get this into a published release? :)

@mokhaled2992
Copy link

Any idea when will this get released?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants