search

kylef / JSONWebToken.swift

Swift implementation of JSON Web Token (JWT).
http://jwt.io
BSD 2-Clause "Simplified" License
762 stars 226 forks source link

Make algorithm parameter optional for decode #41

Closed asib closed 8 years ago

asib commented 8 years ago

decode only needs an algorithm if verify is true, otherwise it never even touches the algorithm parameter. This means even when I'm not verifying the JWT, I have to pass some sort of algorithm who's values are of no consequence.

I think even passing Algorithm.None is slightly misleading, because a JWT can be encoded using Algorithm.None, so there's still an implication that something will be done with this argument.

Therefore, may I propose making the algorithm parameter optional for decode?

kylef commented 8 years ago

@asib You can already pass in an empty array (no algorithms):

JWT.decode(jwt, algorithms: [], verify: false)

I think this is a better approach than making algorithm optional. Making the algorithm optional promotes using JSONWebToken as a library to decode JSONWebToken without verifying the token. It also makes it easier to mis-use JSONWebToken and accidentally pass in nil instead of a valid algorithm when you are trying to verify.

JonathanRosado commented 7 years ago

+1 Not all use cases warrant the verification of the token. Not making the algorithm optional was very confusing since you don't need an algorithm to decode base64.

gabrielnieves18 commented 7 years ago

1+ I agree with @JonathanRosado . Mostly on the confusing part. Not making the value optional and adding an Enum of Algorithm.none just adds to the confusion.

I would suggest at least adding an example to the README.