Skip to content

Commit

Permalink
Use RS256 if algorithm is undefined but key is RSA
Browse files Browse the repository at this point in the history
  • Loading branch information
nieltg committed Sep 20, 2018
1 parent ecb19a0 commit ead36e1
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions lib/jwt.js
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,10 @@ jwt.decode = function jwt_decode(token, key, noVerify, algorithm) {
var payload = JSON.parse(base64urlDecode(payloadSeg));

if (!noVerify) {
if (!algorithm && /BEGIN( RSA)? PUBLIC KEY/.test(key.toString())) {
algorithm = 'RS256';
}

var signingMethod = algorithmMap[algorithm || header.alg];
var signingType = typeMap[algorithm || header.alg];
if (!signingMethod || !signingType) {
Expand Down

0 comments on commit ead36e1

Please sign in to comment.