decode() || verify()

decode(): Only decodes the token from base64url encoding without verifying the signature.
verify(): Decodes the token and verifies the signature.

decode() does NOT verify the signature at all. Sometimes developers mix up these two methods.

none algorithm

If the none algorithm is accepted by the server, then the signature won't be verified at all. That is, anyone can forge a malicious JWT and the server will accept it blindly. This is a dumb vulnerability; just disable the none algorithm, please.

Now consider a verify() method which takes two arguments, depending on the user-specified algorithm:

verify(token, secret) – if the user-specified algorithm is HS256
verify(token, public_key) – if the user-specified algorithm is RS256

verify() does NOT check whether the received token is signed using the application's expected algorithm. Suppose the server uses RS256. If the public key is accessible within the application, an attacker can forge malicious tokens by:

The verify() method will treat the public key as an HMAC shared secret and use a symmetric rather than an asymmetric algorithm. This means that the token will be signed using the application's non-secret public key and then verified using the same public key.

verify() method.