Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a way to get the header + payload without verifying the signature #48

Closed
mike-engel opened this issue Feb 24, 2018 · 2 comments
Closed

Add a way to get the header + payload without verifying the signature #48

mike-engel opened this issue Feb 24, 2018 · 2 comments

Comments

@mike-engel
Copy link
Contributor

mike-engel commented Feb 24, 2018
edited

Hey! I've gotten a new issue on my cli tool (mike-engel/jwt-cli#4) which was fixed in 3.0 with typ being optional. 3.0 did, however, break one use case of my tool which is to just see the contents of a JWT without verifying the signature (debugging, etc). I used to use the validate_signature option in Validation, which was removed in 3.0.

Would you be open to having a separate method to just decode a token without verification? I looked through a couple of issues and didn't see the reason for removing validate_signature, but I'm sure there was one.

Thanks!
@Keats
Copy link
Owner

Keats commented Mar 2, 2018

The reason for removing it was to not have an insecure option as part of the main function. I think it would be fine to add something like dangerous_unsafe_decode to be added as an additional method, without touching the main decode.

mike-engel pushed a commit to mike-engel/rust-jwt that referenced this issue Mar 3, 2018
Add a method to decode a token without signature validation
fa84c2c 
- Solves Keats#48
- `dangerous_unsafe_decode`
- No docs (aside from cargo) since people probably shouldn't use it
mike-engel pushed a commit to mike-engel/rust-jwt that referenced this issue Mar 3, 2018
Add a method to decode a token without signature validation
aac095c 
- Solves Keats#48
- `dangerous_unsafe_decode`
- No docs (aside from cargo) since people probably shouldn't use it
@mike-engel mike-engel mentioned this issue Mar 3, 2018
Merged
mike-engel pushed a commit to mike-engel/rust-jwt that referenced this issue Mar 11, 2018
Add a method to decode a token without signature validation
1b1e5ed 
- Solves Keats#48
- `dangerous_unsafe_decode`
- No docs (aside from cargo) since people probably shouldn't use it
mike-engel pushed a commit to mike-engel/rust-jwt that referenced this issue Mar 14, 2018
Add a method to decode a token without signature validation
d30a759 
- Solves Keats#48
- `dangerous_unsafe_decode`
- No docs (aside from cargo) since people probably shouldn't use it
@Keats
Copy link
Owner

Keats commented Mar 19, 2018

It's in 4.0.1

@Keats Keats closed this as completed Mar 19, 2018
JadedBlueEyes referenced this issue in JadedBlueEyes/jsonwebtoken Apr 13, 2023
Add a method to decode a token without signature validation
597db31 
- Solves #48
- `dangerous_unsafe_decode`
- No docs (aside from cargo) since people probably shouldn't use it
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mike-engel @Keats