Support for token validation without signature validation

odwyersoftware / azure-ad-verify-token

Verify JWT issued by Azure Active Directory B2C in Python 🐍

Other

22 stars 6 forks source link

Support for token validation without signature validation #6

Closed chinmayshah99 closed 2 years ago

chinmayshah99 commented 2 years ago

Hi Richard,

There are a lot of cases where Signature verification is failing. To deal with that, we could make the verify = True optional with giving the user the power to change it.

This is a known issue raised on Azure repo too: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/609

Just to reiterate, I am not saying we should make it False by default, but giving it the user control over it.

PS. I can take this up.

richardARPANET commented 2 years ago

Sure, sounds good :+1:

richardARPANET commented 2 years ago

released in version 0.2.0