import { type SkipJWTSignatureCheckOptions } from "https://deno.land/x/oauth4webapi@v1.4.1/mod.ts";
Properties
DANGER ZONE
When JWT assertions are received via direct communication between the Client and the Token/UserInfo/Introspection endpoint (which they are in this library's supported profiles and exposed functions) the TLS server validation MAY be used to validate the issuer in place of checking the assertion's signature.
Set this to true
to omit verifying the JWT assertion's signature (e.g. ID Token, JWT Signed
Introspection, or JWT Signed UserInfo Response).
Setting this to true
also means that:
- The Authorization Server's JSON Web Key Set will not be requested. That is useful for javascript runtimes that execute on the edge and cannot reliably share an in-memory cache of the JSON Web Key Set in between invocations.
- Any JWS Algorithm may be used, not just the supported ones.
Default is false
.