author: Alejandro J. C De Baca <acdebaca@users.noreply.github.com> 2018-05-19 08:29:18 -0400
committer: José Padilla <jpadilla@webapplicate.com> 2018-05-19 08:29:18 -0400
commit: c4a4fb6a99fedb209647c92ade310f214ec4ad4e
tree: 078161ce953c1daca58276c1f372841728b6d5f8
parent: aed7305680b0ca6cf9846cd755b420f4dfccee22
Added section to usage docs for jwt.get_unverified_header() (#350)
-rw-r--r-- docs/usage.rst 14
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/usage.rst b/docs/usage.rst
index 68d08d2..b9038c4 100644
--- a/docs/usage.rst
+++ b/docs/usage.rst
@@ -51,6 +51,20 @@ the integrity or authenticity of the claimset cannot be trusted.
>>jwt.decode(encoded, verify=False)
{u'some': u'payload'}
+Reading Headers without Validation
+----------------------------------
+
+Some APIs require you to read a JWT header without validation. For example,
+in situations where the token issuer uses multiple keys and you have no
+way of knowing in advance which one of the issuer's public keys or shared
+secrets to use for validation, the issuer may include an identifier for the
+key in the header.
+
+.. code-block:: python
+
+ >>jwt.get_unverified_header(encoded)
+ {u'alg': u'RS256', u'typ': u'JWT', u'kid': u'key-id-12345...'}
+
Registered Claim Names
----------------------
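Review bot: The new "Reading Headers without Validation" section never states that the dictionary returned by jwt.get_unverified_header() is unauthenticated input, which matters because the example output shows both `alg` and `kid` coming back from it. I would add a sentence after the code block saying these values are untrusted until the signature has been verified: `kid` should only select among keys the application already trusts for that issuer, and the header's `alg` should not be what decides which algorithms the later jwt.decode() call accepts. The preceding context ("the integrity or authenticity of the claimset cannot be trusted") gives that warning for the unverified payload, and the header section deserves the same. Minor: the sample value `key-id-12345...` reads as if the library truncates the id; a complete sample id would be clearer.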