JWT Skip claim validation

[aclowkey]

I was wondering if it's possible to skip claim validations in the JWT middleware.
i.e. somebody sends with "alg":"HS256", but I don't want to check the signature

[lammel]

No, currently it is not possible to skip signature checking.
This would only make sense for testing, as the signature is part of JWT mechanism to ensure a valid token.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[agravelot]

On some infrastructure, it's the gateway/mesh to do this verification (like istio), microservice itself is dumb about authentication.

[lammel]

This is probably resolved by PR #1756 , which allows to use a custom KeyFunc to handle key retrieval and signature validation.
Please let us know if this works for you @aclowkey