diff --git a/src/decoding.rs b/src/decoding.rs
index 8d87f03..af836fb 100644
--- a/src/decoding.rs
+++ b/src/decoding.rs
@@ -286,3 +286,43 @@ pub fn decode_header(token: &str) -> Result
{ let (_, header) = expect_two!(message.rsplitn(2, '.')); Header::from_encoded(header) } + +/// Decode a JWT without any signature verification and return its claims. +/// This means that the token is not verified so use with caution. +/// This is useful when you want to extract the claims without verifying the signature. +/// +/// # Arguments +/// +/// * `token` - A string slice that holds the JWT token +/// * `validation` - A [Validation](struct.Validation.html) object that holds the validation options +/// +/// # Example +/// +/// ```rust +/// use jsonwebtoken::{insecure_decode_without_signature_validation, Validation, Algorithm}; +/// use serde::{Deserialize, Serialize}; +/// +/// #[derive(Debug, Serialize, Deserialize)] +/// struct Claims { +/// sub: u32, +/// name: String, +/// iat: u64, +/// exp: u64 +/// } +/// +/// // Example token from jwt.io +/// let token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMiwiZXhwIjoyNTE2MjM5MDYwfQ.Yf3kCk-BdkW3DZNao3lwMoU41ujnt86OgewBA-Q2uBw".to_string(); +/// let validation = Validation::new(Algorithm::HS256); +/// let claims = insecure_decode_without_signature_validation::(&token, &validation).unwrap(); +/// ``` +pub fn insecure_decode_without_signature_validation( + token: &str, + validation: &Validation, +) -> Result { + let (_, rest) = expect_two!(token.rsplitn(2, '.')); + let (claims, _) = expect_two!(rest.rsplitn(2, '.')); + let decoded_claims = DecodedJwtPartClaims::from_jwt_part_claims(claims)?; + let claims = decoded_claims.deserialize()?; + validate(decoded_claims.deserialize()?, validation)?; + Ok(claims) +} diff --git a/src/jwk.rs b/src/jwk.rs index 49c5800..3533a28 100644 --- a/src/jwk.rs +++ b/src/jwk.rs 
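Review bot: The header segment is thrown away unparsed in `let (claims, _) = expect_two!(rest.rsplitn(2, '.'));`, so a token whose first segment is garbage or contains extra dots is still accepted as long as its middle segment decodes to JSON, which is looser than `decode_header` right above this hunk. Decoding it keeps the malformed-token errors consistent with the rest of the module: `let (claims, header) = expect_two!(rest.rsplitn(2, '.'));` followed by `Header::from_encoded(header)?;`. Nothing in the hunk compares `validation.algorithms` with the header's `alg` (presumably `validate` only checks claims), so the doc comment should state which parts of `Validation` are honored here and which are ignored. It should also carry a caveat stronger than "use with caution", e.g. `/// The returned claims are unauthenticated: treat them as attacker-controlled input and never as a basis for authorization.`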
@@ -1,7 +1,7 @@
 #![allow(missing_docs)]
 //! This crate contains types only for working JWK and JWK Sets
 //! This is only meant to be used to deal with public JWK, not generate ones.
-//! Most of the code in this file is taken from https://github.com/lawliet89/biscuit but
+//! Most of the code in this file is taken from but
 //! tweaked to remove the private bits as it's not the goal for this crate currently.
 use crate::{
diff --git a/src/lib.rs b/src/lib.rs
index 0c8664b..b5b8beb 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -18,7 +18,9 @@ mod serialization;
 mod validation;
 pub use algorithms::Algorithm;
-pub use decoding::{decode, decode_header, DecodingKey, TokenData};
+pub use decoding::{ decode, decode_header, insecure_decode_without_signature_validation, DecodingKey, TokenData, };
 pub use encoding::{encode, EncodingKey};
 pub use header::Header;
 pub use validation::{get_current_timestamp, Validation};