-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Documentation around Parse() #392
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The note in the docs (I guess sourced from the comment here)
Sounds to me like the default of the library would be to just accept tokens with the none type alg. From my testing however, this does not seem to be the case:
results in:
See: Test 2
Therefore, I think a different text would be better here to still encourage developers to make use of the option, but not be worried that the library default is to accept insecure JWTs.
I submitted a MR for this:
The text was updated successfully, but these errors were encountered: