jwt_decode

Verify an existing JWT and allocate a new JWT object from it.

Decodes a JWT string and verifies the signature (if one is supplied). If no signature is used (JWS, alg="none") or key is NULL, then no validation is done other than formatting. It is not suggested to use this on a string that has a signature without passing the key to verify it. If the JWT is encrypted and no key is supplied, an error is returned.

@param jwt Pointer to a JWT object pointer. Will be allocated on success. @param token Pointer to a valid JWT string, nul terminated. @param key Pointer to the key for validating the JWT signature or for decrypting the token or NULL if no validation is to be performed. @param key_len The length of the above key. @return 0 on success, valid errno otherwise.

@remark If a key is supplied, the token must pass sig check or decrypt for it to be parsed without error. If no key is supplied, then a non-encrypted token will be parsed without any checks for a valid signature, however, standard validation of the token is still performed.