Decode a JWT without verifying the signature

kylef / JSONWebToken.swift

Swift implementation of JSON Web Token (JWT).

http://jwt.io

BSD 2-Clause "Simplified" License

763 stars 226 forks source link

Decode a JWT without verifying the signature #91

Closed raphaelcruzeiro closed 6 years ago

raphaelcruzeiro commented 6 years ago

I'm trying to use this library to decode a JWT and extract some claims. My problem is that I cannot get it to decode the token without trying to validate the token and I don't want my client app to know my secret for security reasons (the token came from the server. the app should just assume it's good). Is there anyway to extract the claims without validating the signature?

raphaelcruzeiro commented 6 years ago

I just realised I can just split the token, get the middle part and decode it as it basically just a base64 encoded string. Closing this issue due to me being an idiot.

kylef commented 6 years ago

Hi @raphaelcruzeiro, you can also provide verify: false to the decode method. Then you can inspect and do any manual validation of the claim set.