Expose decode/4 to skip decoding steps

Currently, `decode/3` performs various checks on a JWT, and then base64 decodes and finally JSON decodes the token. However, in some cases, it's desirable to skip the decoding steps, and just return the token payload in binary form. This exposes `decode/4` where the 4th argument is a decoder fun that defaults to `decode_b64url_json/1` for `decode/3` to retain existing behavior, but also exposes `decode_passthrough/1` in case a client wants to avoid any decoding steps.
apache · Jan 12, 2022 · 7954aca · 7954aca
1 parent 6e8713d
commit 7954aca
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/src/jwtf/src/jwtf.erl b/src/jwtf/src/jwtf.erl
@@ -20,6 +20,9 @@
 -export([
     encode/3,
     decode/3,
+    decode/4,
+    decode_b64url_json/1,
+    decode_passthrough/1,
     valid_algorithms/0,
     verification_algorithm/1
 ]).
@@ -80,14 +83,18 @@ encode(Header = {HeaderProps}, Claims, Key) ->
 
 % @doc decode
 % Decodes the supplied encoded token, checking
-% for the attributes defined in Checks and calling
+% for the attributes defined in Checks, calling
 % the key store function to retrieve the key needed
-% to verify the signature
+% to verify the signature, and decoding the Payload
+% with the Decoder, defaulting to decode_b64url_json/1.
 decode(EncodedToken, Checks, KS) ->
+    decode(EncodedToken, Checks, KS, fun decode_b64url_json/1).
+
+decode(EncodedToken, Checks, KS, Decoder) ->
     try
         [Header, Payload, Signature] = split(EncodedToken),
         validate(Header, Payload, Signature, Checks, KS),
-        {ok, decode_b64url_json(Payload)}
+        {ok, Decoder(Payload)}
     catch
         throw:Error ->
             {error, Error}
@@ -291,6 +298,9 @@ split(EncodedToken) ->
         _ -> throw({bad_request, <<"Malformed token">>})
     end.
 
+decode_passthrough(B64UrlEncoded) ->
+    B64UrlEncoded.
+
 decode_b64url_json(B64UrlEncoded) ->
     try
         case b64url:decode(B64UrlEncoded) of