Skip to content

Instance Method

addUnsecuredNone(kid:parser:serializer:)

Adds a configuration for JWTs without a signature.
@discardableResult func addUnsecuredNone(kid: JWKIdentifier? = nil, parser: some JWTParser = DefaultJWTParser(), serializer: some JWTSerializer = DefaultJWTSerializer()) -> Self

Parameters

kid

An optional JWKIdentifier (Key ID). If provided, it is used in the JWT kid header field to identify this key. While the key is unsecured, the kid can still be useful for consistent token structure or for routing purposes.

Return Value

The same instance of the collection (Self), facilitating method chaining.

Discussion

This method configures JWT processing to accept tokens with the ‘none’ algorithm, indicating that the JWT is not secured by a signature. Use this with caution, as it means the token’s integrity and authenticity are not verified through cryptographic means.

Tokens without a signature (‘none’ algorithm) are typically used in trusted environments or for specific use cases where security is not a primary concern, such as testing environments.

Usage Example:

let collection = await JWTKeyCollection()
    .addUnsecuredNone()

Note: As this configuration does not secure the JWT, ensure its use is appropriate for the security requirements of your system. It is not recommended for scenarios where data integrity and authentication are critical.