Use RS256 if algorithm is undefined but key is RSA

hokaccha · Sep 20, 2018 · ead36e1 · ead36e1
1 parent ecb19a0
commit ead36e1
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/jwt.js b/lib/jwt.js
@@ -76,6 +76,10 @@ jwt.decode = function jwt_decode(token, key, noVerify, algorithm) {
   var payload = JSON.parse(base64urlDecode(payloadSeg));
 
   if (!noVerify) {
+    if (!algorithm && /BEGIN( RSA)? PUBLIC KEY/.test(key.toString())) {
+      algorithm = 'RS256';
+    }
+
     var signingMethod = algorithmMap[algorithm || header.alg];
     var signingType = typeMap[algorithm || header.alg];
     if (!signingMethod || !signingType) {