express-jwt icon indicating copy to clipboard operation
express-jwt copied to clipboard
verified publisher icon auth0

Adding option to skip token validation.

Open petereitz opened this issue 7 years ago • 2 comments

Looks for skipVerify in options.


jwtAuth({
  secret: yoursupersecret,
  skipVerify: true
})

Appends unverified: true to decoded token data (saved to req.user by default).

Resolves #183

petereitz avatar Oct 13 '18 13:10 petereitz

Are there any plans to get this merged? This would be very useful for automated testing.

DanielPe05 avatar Dec 05 '19 19:12 DanielPe05

In our platform we verify the access token in our API Gateway and then upstream services merely need to decode the token to read the claims, so this PR would be really useful...but I'm guessing this isn't going to get merged given it's been 2.5 years?

richardscarrott avatar May 14 '21 10:05 richardscarrott

Sorry about the very LONG LONG delay... I feel this is not the purpose of this middleware. I'd rather recommend something with jwt-decode as follows:

const decodeMiddleware = (req, res, next) => {
  const token = req.headers['authorization'].replace(/Bearer\s/i, '');
  req.auth = jwtDecode(token);
  next();
}

jfromaniello avatar Dec 22 '22 13:12 jfromaniello