author | Alejandro J. C De Baca <acdebaca@users.noreply.github.com> | 2018-05-19 08:29:18 -0400 |
---|---|---|
committer | José Padilla <jpadilla@webapplicate.com> | 2018-05-19 08:29:18 -0400 |
commit | c4a4fb6a99fedb209647c92ade310f214ec4ad4e (patch) | |
tree | 078161ce953c1daca58276c1f372841728b6d5f8 | |
parent | aed7305680b0ca6cf9846cd755b420f4dfccee22 (diff) | |
download | pyjwt-c4a4fb6a99fedb209647c92ade310f214ec4ad4e.tar.gz |
Added section to usage docs for jwt.get_unverified_header() (#350)
-rw-r--r-- | docs/usage.rst | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/usage.rst b/docs/usage.rst index 68d08d2..b9038c4 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -51,6 +51,20 @@ the integrity or authenticity of the claimset cannot be trusted. >>jwt.decode(encoded, verify=False) {u'some': u'payload'} +Reading Headers without Validation +---------------------------------- + +Some APIs require you to read a JWT header without validation. For example, +in situations where the token issuer uses multiple keys and you have no +way of knowing in advance which one of the issuer's public keys or shared +secrets to use for validation, the issuer may include an identifier for the +key in the header. + +.. code-block:: python + + >>jwt.get_unverified_header(encoded) + {u'alg': u'RS256', u'typ': u'JWT', u'kid': u'key-id-12345...'} + Registered Claim Names ---------------------- |
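Review bot: The paragraph under "Reading Headers without Validation" never says that the values returned by `jwt.get_unverified_header(encoded)` are untrusted input, which matters because the section's stated use is choosing a verification key from them. Consider adding a sentence that `kid` should only be used to look up a key in a set the application already trusts, and that the header's `alg` should not decide which algorithm is accepted; the caller should fix that itself through the `algorithms` argument to `jwt.decode()`. It would also help to extend the example with the follow-up `jwt.decode()` call using the selected key, so readers do not take the header read as the whole flow, especially as it sits directly below the `verify=False` example.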