Decode without Secret

[mrenvoize]

It is my understanding that one should be able to decode the token without needing the secret, and use the secret only for verification of the contents thereafter. Unless I'm misunderstanding something regarding the way JWT is meant to work?

Is there any way to support this workflow within your module already that I'm missing, or would you support a pull request if I attempted to implement it myself?

[mrenvoize]

OK, having now read the code to see how I would go about implementing such a workflow, I now see that you can pass a is_varify flag to decode to do exactly the workflow I wanted.

Feel free to ignore my babbling now ;)