From 3f338f74a70d081d47a896d497a5b328950bb6d6 Mon Sep 17 00:00:00 2001
From: Kevin Jahns
Date: Thu, 24 Aug 2023 19:52:11 +0200
Subject: [PATCH] [jwt] implement unsafeDecode
---
 crypto.test.js | 4 +++-
 crypto/jwt.js | 13 +++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/crypto.test.js b/crypto.test.js
index 3e3cbbe..789d8f8 100644
--- a/crypto.test.js
+++ b/crypto.test.js
@@ -5,7 +5,7 @@ import * as ecdsa from 'lib0/crypto/ecdsa'
 import * as t from './testing.js'
 import * as prng from './prng.js'
 import * as webcrypto from 'lib0/webcrypto'
-import * as json from 'lib0/json'
+import * as json from './json.js'

 /**
 * @param {t.TestCase} _tc
@@ -24,6 +24,8 @@ export const testJwt = async _tc => {
 console.log('jwt: ', jwt)
 const verified = await jose.verifyJwt(publicKey, jwt)
 t.compare(verified.payload, payload)
+ const unverified = jose.unsafeDecode(jwt)
+ t.compare(verified, unverified)
 }

 /**
diff --git a/crypto/jwt.js b/crypto/jwt.js
index 638d955..8753f79 100644
--- a/crypto/jwt.js
+++ b/crypto/jwt.js
@@ -50,3 +50,16 @@ export const verifyJwt = async (publicKey, jwt) => {
 payload: _parse(payloadBase64)
 }
 }
+
+/**
+ * Decode a jwt without verifying it. Probably a bad idea to use this. Only use if you know the jwt was already verified!
+ *
+ * @param {string} jwt
+ */
+export const unsafeDecode = jwt => {
+ const [headerBase64, payloadBase64] = jwt.split('.')
+ return {
+ header: _parse(headerBase64),
+ payload: _parse(payloadBase64)
+ }
+}
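Review bot: The new assertion `t.compare(verified, unverified)` in testJwt covers only a correctly signed token, which is the one case where the two functions are expected to agree. A second case in which the payload segment is changed after signing, asserting that `jose.verifyJwt` does not accept the token while `jose.unsafeDecode` still returns the changed payload, would pin down the difference that makes the function unsafe. testJwt begins above this hunk, so the key and token setup is not visible here.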
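Review bot: `unsafeDecode` does no structural check on its input: `jwt.split('.')` is destructured into two names, so a string with a missing or extra segment either passes `undefined` to `_parse` or is decoded as if it were well formed. `_parse` is defined outside this hunk, so how it fails on `undefined` cannot be seen here; a guard such as `const parts = jwt.split('.')` followed by `if (parts.length !== 3) throw new Error('Malformed JWT')` would make the failure explicit. The doc comment should also state that the returned header and payload are unauthenticated input until `verifyJwt` has succeeded on the same token and must not drive authorization decisions. An `@return` tag is missing as well, and it matters here because the result has the same shape as the verified one.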