
Ignoring the accept field

Open lagden opened this issue 8 years ago • 0 comments

Hi!

I was testing your example program: https://github.com/kjur/jsrsasign/blob/master/sample_node/jwtverify

Normal situation

I have:

eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vbGFnZGVuLmluIiwianRpIjoiMjhiYzA0ZWEtNjY2ZS01N2MzLWE4NzktYzA3MzFkNjhhMzRlIiwibmJmIjoxNTIwMzA5ODkwLCJkYXRhIjp7Im5hbWUiOiJKb3JnZSJ9fQ.N8yBe5H2fsd2-9jZLcSwGejfNBuhdNFDCS-cejSggY4F25SFGe_MZxp2d9zaE6OE5OVWH8jEx4UFdigl9TFWuQ
*** HEADER ***
{
  "alg": "HS512",
  "typ": "JWT"
}
*** PAYLOAD ***
{
  "iss": "http://lagden.in",
  "jti": "28bc04ea-666e-57c3-a879-c0731d68a34e",
  "nbf": 1520309890,
  "data": {
    "name": "Jorge"
  }
}

when I execute:

./jwtverify jwt.out -v -p de66bd178d5abc9e848787b678f9b613 -t utf8

OR

./jwtverify jwt.out -v --accept_iss http://lagden.in -p de66bd178d5abc9e848787b678f9b613 -t utf8

✔️ is valid!!!

when I execute:

./jwtverify jwt.out -v --accept_iss http://other.com -p de66bd178d5abc9e848787b678f9b613 -t utf8

❌ is invalid!!!

Everything is OK!!! 🎉

Weird situation

Now, I have this JWT:

eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkYTAzNmFhZS0wNDkwLTUxYWItODc1Ni1iYmY5YWM1ODBjYzEiLCJuYmYiOjE1MjAzMDgyMDksImRhdGEiOnsibmFtZSI6IkpvcmdlIn19.K3XOUaZVjMhNEfXblYXl5PjIpFbI7LM6ojVI8E6ckTesOPmQqum4AVrn3BhC9PjiK1pDQkBP3FQSAnIVNXhsTw
*** HEADER ***
{
  "alg": "HS512",
  "typ": "JWT"
}
*** PAYLOAD ***
{
  "jti": "da036aae-0490-51ab-8756-bbf9ac580cc1",
  "nbf": 1520308209,
  "data": {
    "name": "Jorge"
  }
}

when I execute:

./jwtverify jwt.out -v --accept_iss http://lagden.in -p de66bd178d5abc9e848787b678f9b613 -t utf8

✔️ is valid!!!

😵

I'd like to understand one thing!! Should it be invalid? Because there is no iss!

lagden, Mar 06 '18 04:03
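The situation reported above, as an added example that is not part of the original issue and is not jsrsasign code: an accepted-issuer list that is only checked when the token carries an `iss` claim, next to a strict mode that rejects a token with no `iss`. It uses Node's built-in `crypto` rather than jsrsasign; `verifyHS512`, `acceptIss`, `requireIss`, and the key are hypothetical names and constructed values.

```javascript
// Added example: not jsrsasign code. Key and tokens are constructed for the demo.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

function signHS512(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'HS512', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha512', key).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Returns { ok, reason }. opts.acceptIss: array of allowed issuers (hypothetical option).
// opts.requireIss: when true, a token without "iss" is rejected (hypothetical option).
function verifyHS512(token, key, opts = {}) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch { return { ok: false, reason: 'malformed' }; }
  if (!header || !payload || typeof payload !== 'object') return { ok: false, reason: 'malformed' };
  // Pin the algorithm instead of trusting whatever the header asks for.
  if (header.alg !== 'HS512') return { ok: false, reason: 'alg not accepted' };
  const expected = crypto.createHmac('sha512', key).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (Array.isArray(opts.acceptIss)) {
    if (payload.iss === undefined) {
      // Lenient mode skips the issuer check here: the result seen in the issue.
      if (opts.requireIss) return { ok: false, reason: 'iss missing' };
    } else if (!opts.acceptIss.includes(payload.iss)) {
      return { ok: false, reason: 'iss not accepted' };
    }
  }
  return { ok: true, reason: 'valid' };
}

const KEY = 'constructed-demo-key';
const accept = ['http://lagden.in'];
const withIss = signHS512({ iss: 'http://lagden.in', data: { name: 'Jorge' } }, KEY);
const noIss = signHS512({ data: { name: 'Jorge' } }, KEY);
console.log(verifyHS512(noIss, KEY, { acceptIss: accept }));                   // lenient
console.log(verifyHS512(noIss, KEY, { acceptIss: accept, requireIss: true })); // strict
```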