-
Notifications
You must be signed in to change notification settings - Fork 267
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a way to get the header + payload without verifying the signature #48
Comments
The reason for removing it was to not have an insecure option as part of the main function. I think it would be fine to add something like |
mike-engel
pushed a commit
to mike-engel/rust-jwt
that referenced
this issue
Mar 3, 2018
- Solves Keats#48 - `dangerous_unsafe_decode` - No docs (aside from cargo) since people probably shouldn't use it
mike-engel
pushed a commit
to mike-engel/rust-jwt
that referenced
this issue
Mar 3, 2018
- Solves Keats#48 - `dangerous_unsafe_decode` - No docs (aside from cargo) since people probably shouldn't use it
mike-engel
pushed a commit
to mike-engel/rust-jwt
that referenced
this issue
Mar 11, 2018
- Solves Keats#48 - `dangerous_unsafe_decode` - No docs (aside from cargo) since people probably shouldn't use it
mike-engel
pushed a commit
to mike-engel/rust-jwt
that referenced
this issue
Mar 14, 2018
- Solves Keats#48 - `dangerous_unsafe_decode` - No docs (aside from cargo) since people probably shouldn't use it
It's in 4.0.1 |
JadedBlueEyes
referenced
this issue
in JadedBlueEyes/jsonwebtoken
Apr 13, 2023
- Solves #48 - `dangerous_unsafe_decode` - No docs (aside from cargo) since people probably shouldn't use it
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey! I've gotten a new issue on my cli tool (mike-engel/jwt-cli#4) which was fixed in 3.0 with
typ
being optional. 3.0 did, however, break one use case of my tool which is to just see the contents of a JWT without verifying the signature (debugging, etc). I used to use thevalidate_signature
option inValidation
, which was removed in 3.0.Would you be open to having a separate method to just decode a token without verification? I looked through a couple of issues and didn't see the reason for removing
validate_signature
, but I'm sure there was one.Thanks!
The text was updated successfully, but these errors were encountered: