Expose `decode/4` to skip decoding stepsseparate-json-decoding

Currently, `decode/3` performs various checks on a JWT, and then
base64 decodes and finally JSON decodes the token. However, in some
cases, it's desirable to skip the decoding steps, and just return the
token payload in binary form.

This exposes `decode/4` where the 4th argument is a decoder fun that
defaults to `decode_b64url_json/1` for `decode/3` to retain existing
behavior, but also exposes `decode_passthrough/1` in case a client
wants to avoid any decoding steps.

1 files changed, 13 insertions, 3 deletions

diff --git a/src/jwtf/src/jwtf.erl b/src/jwtf/src/jwtf.erl
index d62789b0a..1dedb36f1 100644
--- a/src/jwtf/src/jwtf.erl
+++ b/src/jwtf/src/jwtf.erl
@@ -20,6 +20,9 @@
 -export([
     encode/3,
     decode/3,
+    decode/4,
+    decode_b64url_json/1,
+    decode_passthrough/1,
     valid_algorithms/0,
     verification_algorithm/1
 ]).
@@ -80,14 +83,18 @@ encode(Header = {HeaderProps}, Claims, Key) ->
 
 % @doc decode
 % Decodes the supplied encoded token, checking
-% for the attributes defined in Checks and calling
+% for the attributes defined in Checks, calling
 % the key store function to retrieve the key needed
-% to verify the signature
+% to verify the signature, and decoding the Payload
+% with the Decoder, defaulting to decode_b64url_json/1.
 decode(EncodedToken, Checks, KS) ->
+    decode(EncodedToken, Checks, KS, fun decode_b64url_json/1).
+
+decode(EncodedToken, Checks, KS, Decoder) ->
     try
         [Header, Payload, Signature] = split(EncodedToken),
         validate(Header, Payload, Signature, Checks, KS),
-        {ok, decode_b64url_json(Payload)}
+        {ok, Decoder(Payload)}
     catch
         throw:Error ->
             {error, Error}
@@ -291,6 +298,9 @@ split(EncodedToken) ->
         _ -> throw({bad_request, <<"Malformed token">>})
     end.
 
+decode_passthrough(B64UrlEncoded) ->
+    B64UrlEncoded.
+
 decode_b64url_json(B64UrlEncoded) ->
     try
         case b64url:decode(B64UrlEncoded) of