genexuslabs · sgrampone · Sep 10, 2020 · Sep 9, 2020
diff --git a/GeneXusJWT/src/main/java/com/genexus/JWT/JWTCreator.java b/GeneXusJWT/src/main/java/com/genexus/JWT/JWTCreator.java
@@ -44,6 +44,7 @@ public JWTCreator() {
 
 	/******** EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/
 	public String doCreate(String algorithm, PrivateClaims privateClaims, JWTOptions options) {
+		this.error.cleanError();
 		if (options.hasError()) {
 			this.error = options.getError();
 			return "";
@@ -96,6 +97,35 @@ public String doCreate(String algorithm, PrivateClaims privateClaims, JWTOptions
 	}
 
 	public boolean doVerify(String token, String expectedAlgorithm, PrivateClaims privateClaims, JWTOptions options) {
+		return doVerify(token, expectedAlgorithm, privateClaims, options, true, true);
+	}
+
+	public boolean doVerifyJustSignature(String token, String expectedAlgorithm, JWTOptions options) {
+		return doVerify(token, expectedAlgorithm, null, options, false, false);
+	}
+
+	public boolean doVerifySignature(String token, String expectedAlgorithm, JWTOptions options) {
+		return doVerify(token, expectedAlgorithm, null, options, false, true);
+	}
+
+	public String getPayload(String token) {
+		return getTokenPart(token, "payload");
+
+	}
+
+	public String getHeader(String token) {
+		return getTokenPart(token, "header");
+	}
+
+	public String getTokenID(String token) {
+		return getTokenPart(token, "id");
+	}
+
+	/******** EXTERNAL OBJECT PUBLIC METHODS - END ********/
+
+	private boolean doVerify(String token, String expectedAlgorithm, PrivateClaims privateClaims, JWTOptions options,
+			boolean verifyClaims, boolean verifyRegClaims) {
+		this.error.cleanError();
 		if (options.hasError()) {
 			this.error = options.getError();
 			return false;
@@ -108,10 +138,14 @@ public boolean doVerify(String token, String expectedAlgorithm, PrivateClaims pr
 			this.error.setError("JW005", e.getMessage());
 			return false;
 		}
-		if (isRevoqued(decodedJWT, options) || !verifyPrivateClaims(decodedJWT, privateClaims, options)
-				|| !verifyHeader(decodedJWT, options)) {
+		if (isRevoqued(decodedJWT, options)) {
 			return false;
 		}
+		if (verifyClaims) {
+			if (!verifyPrivateClaims(decodedJWT, privateClaims, options) || !verifyHeader(decodedJWT, options)) {
+				return false;
+			}
+		}
 		String algorithm = decodedJWT.getAlgorithm();
 		JWTAlgorithm alg = JWTAlgorithm.getJWTAlgorithm(algorithm, this.error);
 		if (this.hasError()) {
@@ -146,7 +180,7 @@ public boolean doVerify(String token, String expectedAlgorithm, PrivateClaims pr
 			}
 		}
 		Verification verification = JWT.require(algorithmType);
-		verification = buildVerification(verification, options);
+		verification = buildVerification(verification, options, verifyRegClaims);
 		if (this.hasError()) {
 			return false;
 		}
@@ -165,21 +199,6 @@ public boolean doVerify(String token, String expectedAlgorithm, PrivateClaims pr
 
 	}
 
-	public String getPayload(String token) {
-		return getTokenPart(token, "payload");
-
-	}
-
-	public String getHeader(String token) {
-		return getTokenPart(token, "header");
-	}
-
-	public String getTokenID(String token) {
-		return getTokenPart(token, "id");
-	}
-
-	/******** EXTERNAL OBJECT PUBLIC METHODS - END ********/
-
 	private String getTokenPart(String token, String part) {
 		DecodedJWT decodedToken = JWT.decode(token);
 		String base64Part = "";
@@ -211,8 +230,11 @@ private boolean isRevoqued(DecodedJWT decodedJWT, JWTOptions options) {
 		return rList.isInRevocationList(decodedJWT.getId());
 	}
 
-	private Verification buildVerification(Verification verification, JWTOptions options) {
+	private Verification buildVerification(Verification verification, JWTOptions options, boolean verifyClaims) {
 		// Adding registered claims
+		if (!verifyClaims) {
+			return verification;
+		}
 		if (options.hasRegisteredClaims()) {
 			RegisteredClaims registeredClaims = options.getAllRegisteredClaims();
 			List<Claim> registeredC = registeredClaims.getAllClaims();
@@ -398,8 +420,7 @@ private boolean verifyHeader(DecodedJWT decodedJWT, JWTOptions options) {
 		if (parameters.isEmpty() && claimsNumber == 2) {
 			return true;
 		}
-		if(parameters.isEmpty() && claimsNumber > 2)
-		{
+		if (parameters.isEmpty() && claimsNumber > 2) {
 			return false;
 		}
 		List<String> allParms = parameters.getAll();