Is it possible to just parse a JWT without verifying its signature?

Question

Is it possible to just parse a JWT without verifying its signature?

your-diary opened this issue 2 months ago · comments

This is an intentional duplicate of #353.
(I don't understand at all why #353 was closed by its author as not planned without any discussion though the author is not owner, member or contributor.)

Contrary to its name, jwt.Parse() parses and validates the signature of a JWT:

func Parse(tokenString string, keyFunc Keyfunc, options ...ParserOption) (*Token, error)

Is it possible to somehow just parse a JWT without taking care of its signature?

My current workaround is giving up using this package and manually split and base64-decode a JWT.

Michael Fridman · Answer 1 · Mon Jun 24 2024 22:59:10 GMT+0800 (China Standard Time)

It was converted to a discussion because the OP found a similar issue, and there was a sufficient answer.

#354

another discussion: #122

You're likely looking for this:

https://pkg.go.dev/github.com/golang-jwt/jwt/v5#Parser.ParseUnverified

Proceed with caution.

ynn · Answer 2 · Tue Jun 25 2024 17:53:46 GMT+0800 (China Standard Time)

@mfridman
It works like a charm.
Thank you!