It should be possible to skip token validation

Question

It should be possible to skip token validation

ypicard opened this issue 2 years ago · comments

Describe the problem you'd like to have solved

I have a gateway in front of my services which takes care of validating the JWT tokens. I would still like to use this middleware to decode it and attach it to my request, but i do not see any options to do so at the moment.
I think this can also be useful for testing purposes where people would want to mock JWT tokens.

Describe the ideal solution

A skipVerification option would be great. Having this to true would make other fields optional.

Tyler Getsay · Answer 1 · Fri Oct 28 2022 21:37:58 GMT+0800 (China Standard Time)

You can use credentialsRequired: false for this

José F. Romaniello · Answer 2 · Fri Oct 28 2022 22:03:58 GMT+0800 (China Standard Time)

Sorry I didn't see this issue before.. If I understand correctly credentialsRequired: false is different because if the credential is present it will be validated. If you want to decode the token but not verifying it, you could use our other package: https://www.npmjs.com/package/jwt-decode