Decode without validation?

[lcmgh]

Hi!

I want to extract the exp timestamp from the token without validating it in order to build a small lib that requests a new token before the current one expires. Hence I don't need to validate it but read the exp date.

Is that possible?

[Keats]

Decode with a dummy key and use https://docs.rs/jsonwebtoken/latest/jsonwebtoken/struct.Validation.html#method.insecure_disable_signature_validation

[lcmgh]

Thanks @Keats.

let mut no_validation = Validation::default();
no_validation.insecure_disable_signature_validation();

let dummy_decoding_key = DecodingKey::from_rsa_components("", "").unwrap();

let decoded_token =
    decode::<HashMap<String, serde_json::Value>>(token, &dummy_decoding_key, &no_validation)
        .unwrap();
println!("{:?}", decoded_token);