Open tyilo opened 3 weeks ago
Honestly, decoding a token without validating the signature is something that you shouldn't do most of the time so I do not particularly care about making it user friendly
It is useful as a client using the token to be able to see what claims are inside the token. `exp` can be really useful.
Well you can't really trust any of the things you see in the claims unless you validate the signature
Sure, but I'm the client. I don't have access to the server's secret key.
Currently you have to use:
I think the following API would be better:
You avoid having to choose a random algorithm and decoding key that isn't ever used.
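The client-side use case discussed in this thread, reading `exp` from a token the client cannot verify, shown as an added example that is not part of the thread and not the library's code. The names `peek_claims`, `seconds_until_expiry` and `SAMPLE` are hypothetical, and the result is treated only as an untrusted scheduling hint, never as an authorization input.

```python
import base64
import json
import time
from typing import Optional


class UnverifiedClaims(dict):
    """Claims read from a token whose signature was NOT checked."""


def peek_claims(token: str) -> UnverifiedClaims:
    """Decode the payload segment of a compact JWS without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    # base64url in JWTs omits '=' padding; restore it before decoding.
    padded = payload + "=" * (-len(payload) % 4)
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # covers binascii, JSON and UTF-8 errors
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("claims set must be a JSON object")
    return UnverifiedClaims(claims)


def seconds_until_expiry(token: str, now: Optional[float] = None) -> Optional[float]:
    """Client-side refresh hint only; the server still decides validity."""
    exp = peek_claims(token).get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None  # missing or malformed exp: no hint available
    return exp - (time.time() if now is None else now)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed sample token; the signature segment is a placeholder.
SAMPLE = ".".join([
    _b64url(b'{"alg":"HS256","typ":"JWT"}'),
    _b64url(b'{"sub":"alice","exp":1700000600}'),
    _b64url(b"not-a-real-signature"),
])
```
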