search

golang-jwt / jwt

Go implementation of JSON Web Tokens (JWT).
https://golang-jwt.github.io/jwt/
MIT License
6.98k stars 335 forks source link

Is it possible to just parse a JWT without verifying its signature? #394

Closed your-diary closed 2 months ago

your-diary commented 2 months ago

This is an intentional duplicate of #353. (I don't understand at all why #353 was closed by its author as not planned without any discussion though the author is not owner, member or contributor.)

Contrary to its name, jwt.Parse() parses and validates the signature of a JWT:

func Parse(tokenString string, keyFunc Keyfunc, options ...ParserOption) (*Token, error)

Is it possible to somehow just parse a JWT without taking care of its signature?

My current workaround is giving up using this package and manually split and base64-decode a JWT.

mfridman commented 2 months ago

It was converted to a discussion because the OP found a similar issue, and there was a sufficient answer.

https://github.com/golang-jwt/jwt/discussions/354

another discussion: https://github.com/golang-jwt/jwt/discussions/122

You're likely looking for this:

https://pkg.go.dev/github.com/golang-jwt/jwt/v5#Parser.ParseUnverified

Proceed with caution.

your-diary commented 2 months ago

@mfridman It works like a charm. Thank you!