nov / json-jwt

JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby
MIT License

Decode jwt without verifying #93

Closed SerKnight closed 3 years ago

SerKnight commented 3 years ago

Ran into some API limits against a well-known jwks endpoint.

Wondering if there is a way to use the library in its current format and decode a token for the public claims without validating it. You can do this in ruby-jwt but I much prefer this project

Current

jwks_data = JSON.parse(Faraday.get('https://identity.my-domain.com/.well-known/openid-configuration/jwks').body)
jwk_set = JSON::JWK::Set.new(jwks_data)
JSON::JWT.decode(tkn, jwk_set)

Proposed || does this functionality exist?

JSON::JWT.decode(tkn, validate: false)

SerKnight commented 3 years ago

Ahh - I found in the full docs WIKI.. Thanks.

id_token = JSON::JWT.decode id_token_string, :skip_verification
puts id_token.to_json

https://github.com/nov/json-jwt/wiki#decode-without-verifying-not-recommended-use-for-debugging-only
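
Added example, not part of the thread or of json-jwt: the rate limit in the first comment comes from fetching the JWKS for every token, and caching the key set removes that load while keeping signature verification on. `JwksCache`, its parameters and its method names are hypothetical; only the Ruby standard library is used.

```ruby
require 'json'

# Hypothetical helper, not part of json-jwt: keeps the JWKS in memory so
# signature verification does not call the identity provider per token.
class JwksCache
  # The block must return the raw JWKS JSON string (e.g. an HTTP GET body).
  def initialize(ttl: 3600, min_refresh: 60,
                 clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) }, &fetcher)
    @ttl, @min_refresh, @clock, @fetcher = ttl, min_refresh, clock, fetcher
    @jwks = @fetched_at = nil
    @mutex = Mutex.new
  end

  # Whole key set as a Hash; refetched only after ttl seconds.
  def jwks
    @mutex.synchronize { fresh_jwks }
  end

  # One key by "kid". An unknown kid (key rotation) triggers at most one refetch
  # per min_refresh seconds, so made-up kids cannot exhaust the rate limit.
  def key_for(kid)
    @mutex.synchronize do
      key = find(fresh_jwks, kid)
      if key.nil? && age >= @min_refresh
        refresh!
        key = find(@jwks, kid)
      end
      key
    end
  end

  private

  def age
    @clock.call - @fetched_at
  end
  def fresh_jwks
    refresh! if @jwks.nil? || age >= @ttl
    @jwks
  end
  def find(jwks, kid)
    jwks.fetch('keys', []).find { |k| k['kid'] == kid }
  end
  def refresh!
    @jwks = JSON.parse(@fetcher.call)
    @fetched_at = @clock.call
  end
end
```

With the calls from the first comment, the block would wrap the `Faraday.get(...).body` request and verification becomes `JSON::JWT.decode(tkn, JSON::JWK::Set.new(cache.jwks))`.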