You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was wondering if it's possible to skip claim validations in the JWT middleware.
i.e. somebody sends with "alg":"HS256", but I don't want to check the signature
The text was updated successfully, but these errors were encountered:
No, currently it is not possible to skip signature checking.
This would only make sense for testing, as the signature is part of JWT mechanism to ensure a valid token.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This is probably resolved by PR #1756 , which allows to use a custom KeyFunc to handle key retrieval and signature validation.
Please let us know if this works for you @aclowkey
I was wondering if it's possible to skip claim validations in the JWT middleware.
i.e. somebody sends with "alg":"HS256", but I don't want to check the signature
The text was updated successfully, but these errors were encountered: