react-native-pure-jwt icon indicating copy to clipboard operation
react-native-pure-jwt copied to clipboard

Published 20 hours ago verified publisher icon zaguiini

Flaw: A secret should not be required for decode

Open Disfractal opened this issue 1 year ago • 2 comments

This is an issue with this project as a lot of client side apps do not encrypt the entire JWT.

You've stated and closed previous post on people talking about this saying look at the README for the { skipValidation: true }.

I've reviewed the code and skipValidation does nothing for allowing tokens to not need a secret. The error is being thrown by dependent libraries. In RNPureJwtModule.java line 99 the error signing key cannot be null or empty is being thrown from the io.jsonwebtoken.Jwts library.

Disfractal avatar Apr 12 '23 13:04 Disfractal

@Disfractal how did you solve this? It works fine in iOS but it's throwing the same error than you in Android signing key cannot be null or empty

utiq avatar Apr 18 '24 00:04 utiq

Thanks for reporting! PRs are open.

zaguiini avatar May 21 '24 00:05 zaguiini