[jwt] implement unsafeDecode

dmonad · Aug 24, 2023 · 3f338f7 · 3f338f7
1 parent 7a56320
commit 3f338f7
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/crypto.test.js b/crypto.test.js
@@ -5,7 +5,7 @@ import * as ecdsa from 'lib0/crypto/ecdsa'
 import * as t from './testing.js'
 import * as prng from './prng.js'
 import * as webcrypto from 'lib0/webcrypto'
-import * as json from 'lib0/json'
+import * as json from './json.js'
 
 /**
  * @param {t.TestCase} _tc
@@ -24,6 +24,8 @@ export const testJwt = async _tc => {
   console.log('jwt: ', jwt)
   const verified = await jose.verifyJwt(publicKey, jwt)
   t.compare(verified.payload, payload)
+  const unverified = jose.unsafeDecode(jwt)
+  t.compare(verified, unverified)
 }
 
 /**

diff --git a/crypto/jwt.js b/crypto/jwt.js
@@ -50,3 +50,16 @@ export const verifyJwt = async (publicKey, jwt) => {
     payload: _parse(payloadBase64)
   }
 }
+
+/**
+ * Decode a jwt without verifying it. Probably a bad idea to use this. Only use if you know the jwt was already verified!
+ *
+ * @param {string} jwt
+ */
+export const unsafeDecode = jwt => {
+  const [headerBase64, payloadBase64] = jwt.split('.')
+  return {
+    header: _parse(headerBase64),
+    payload: _parse(payloadBase64)
+  }
+}