I don't want to verify the JWT using the secret key (which I don't have), I only want to decode the JWT and read the payload. Can this be achieved using jsonwebtoken.io:jjwt? It seems like there is a method missing in the API.
Of course, I could split-&-Base64-decode the token myself but it feels like the most basic functionality one would expect from a JWT-library; hence I suspect I am missing something.
Try the following code:
    // Keep the header and payload plus the trailing '.', dropping the signature segment
    int i = jws.lastIndexOf('.');
    String withoutSignature = jws.substring(0, i+1);
    Jwt<Header,Claims> untrusted = Jwts.parser().parseClaimsJwt(withoutSignature);
You can 'chop off' the last 'part' after the last period character ('.'), which is the JWS signature. And then read that JWT as a 'normal' JWT (non-JWS).
What you are asking for is to ignore the signature on a valid JWS and read the JWT header and body anyway. This violates the JWS specification, and because of that JJWT does not support it.
This is taken from this GitHub issue, which I guess is the same as the one you are facing.
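The manual split-and-Base64-decode route mentioned in the question, as an added example that is not part of the original question or answer and is not JJWT code. It uses only the JDK (Java 16+ assumed for the record type); the class and method names are illustrative and the sample token is constructed. The decoded values are unverified, so they are suitable for inspection or routing but not for authorization decisions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class UnverifiedJwtReader {

    /** Decoded but UNVERIFIED header and payload JSON of a compact JWS. */
    record UntrustedJwt(String headerJson, String payloadJson) {}

    static UntrustedJwt decodeUnverified(String compact) {
        // A compact JWS has exactly three dot-separated segments;
        // the -1 limit keeps an empty trailing segment instead of dropping it.
        String[] parts = compact.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected 3 segments, got " + parts.length);
        }
        // The signature segment (parts[2]) is deliberately not checked here.
        return new UntrustedJwt(decodeSegment(parts[0]), decodeSegment(parts[1]));
    }

    private static String decodeSegment(String segment) {
        if (segment.isEmpty()) {
            throw new IllegalArgumentException("empty segment");
        }
        // JWTs use unpadded base64url. getUrlDecoder() accepts missing padding and
        // throws IllegalArgumentException for characters outside the URL-safe alphabet.
        byte[] raw = Base64.getUrlDecoder().decode(segment);
        return new String(raw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample token; the signature segment is a dummy value.
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = enc.encodeToString(
                "{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = enc.encodeToString(
                "{\"sub\":\"alice\",\"exp\":1700000000}".getBytes(StandardCharsets.UTF_8));
        String token = header + "." + payload + ".ZHVtbXktc2lnbmF0dXJl";

        UntrustedJwt jwt = decodeUnverified(token);
        System.out.println("header  (unverified): " + jwt.headerJson());
        System.out.println("payload (unverified): " + jwt.payloadJson());

        try {
            decodeUnverified("not-a-jwt"); // malformed input is rejected, not guessed at
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```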