Closed raphaelcruzeiro closed 6 years ago
I just realised I can just split the token, get the middle part and decode it as it basically just a base64 encoded string. Closing this issue due to me being an idiot.
Hi @raphaelcruzeiro, you can also provide verify: false
to the decode
method. Then you can inspect and do any manual validation of the claim set.
I'm trying to use this library to decode a JWT and extract some claims. My problem is that I cannot get it to decode the token without trying to validate the token and I don't want my client app to know my secret for security reasons (the token came from the server. the app should just assume it's good). Is there anyway to extract the claims without validating the signature?