when decoding a valid token with
This error message is misleading, because there are the correct number
With this change, when a token with
when decoding a valid token with `algorithm: none`, unless explicitly requesting not to verify the token, it could not be validated and raised DecodeError with a message about insufficient segments. This error message is misleading, because there are the correct number of segments provided for that algorithm. With this change, when a token with `algorithm: none` is provided: * if the caller requests verification && does not specify `none` as an algorithm (default behaviour) it now raises `IncorrectAlgorithm`, which is a subclass of `DecodeError` to make the issue more clear. This is technically a minor change, but should not be breaking - it is returning a subclass, so the same rescues will still work. The message provided will be different. * if the caller requests verification && specifies `none` as an allowed algorithm, it verifies the claims and decodes the token as it would for a valid, signed token. This is new behaviour supporting claims verification for 'none' which was not previously available and is only "accessed" through explicit settings * if the caller explicitly requests no verification, the token is decoded without checking anything (no change in behaviour)
Hello, @danleyden! This is your first Pull Request that will be reviewed by SourceLevel, an automatic Code Review service. It will leave comments on this diff with potential issues and style violations found in the code as you push new commits. You can also see all the issues found on this Pull Request on its review page. Please check our documentation for more information.