A common use case in localhost/dev is to not use any algorithms and test things via a simple passthrough decoding, then, in production we will use real keys.
For example, Firebase Auth emulator creates JWTs with no signature on the client with alg: "none". This is sent to the localhost dev server for validation. The current library doesn't have an extensible way to decode these types of JWTs and it would be great if there's an option to allow this development mode.
Keats
commented
3 months ago
A common use case in localhost/dev is to not use any algorithms and test things via a simple passthrough decoding, then, in production we will use real keys.
For example, Firebase Auth emulator creates JWTs with no signature on the client with
alg: "none". This is sent to the localhost dev server for validation. The current library doesn't have an extensible way to decode these types of JWTs and it would be great if there's an option to allow this development mode.