Disable signature verification
mirai-toto opened this issue · 1 comments
mirai-toto commented
I only need to decode JWT token, this project is useful to get data from the payload.
In my micro service, I get a JWT Token, but I may not know the signature key used by the server.
The feature could look like below:
Jws<Claims> result = Jwts.parserBuilder().disableSigningKey().build().parseClaimsJws(authorizationToken);
I don't know if this feature break any security rule. I mean, I can already find all my payload data, I just wanted to use the JJWT project to make it easier.
mirai-toto commented
I just saw the issue #205, I guess that won't happen.
But I see, that I can ignore the exception and decode anyway.