Added get_unverified_header method so that unverified headers can be retrieved by the application. Closes jpadilla#155

mark-adams · mark-adams · commit acb26350a52e · 2015-05-08T08:53:43.000-05:00
diff --git a/jwt/api_jws.py b/jwt/api_jws.py
@@ -119,6 +119,14 @@ def decode(self, jws, key='', verify=True, algorithms=None, options=None,
 
         return payload
 
+    def get_unverified_header(self, jwt):
+        """Returns back the JWT header parameters as a dict()
+
+        Note: The signature is not verified so the header parameters
+        should not be fully trusted until signature verification is complete
+        """
+        return self._load(jwt)[2]
+
     def _load(self, jwt):
         if isinstance(jwt, text_type):
             jwt = jwt.encode('utf-8')
diff --git a/tests/test_api_jws.py b/tests/test_api_jws.py
@@ -356,6 +356,15 @@ def test_decode_with_algo_none_and_verify_false_should_pass(self, jws, payload):
         jws_message = jws.encode(payload, key=None, algorithm=None)
         jws.decode(jws_message, verify=False)
 
+    def test_get_unverified_header_returns_header_values(self, jws, payload):
+        jws_message = jws.encode(payload, key='secret', algorithm='HS256',
+                                 headers={'kid': 123})
+
+        header = jws.get_unverified_header(jws_message)
+
+        assert 'kid' in header
+        assert header['kid'] == 123
+
     @pytest.mark.skipif(not has_crypto, reason='Not supported without cryptography library')
     def test_encode_decode_with_rsa_sha256(self, jws, payload):
         # PEM-formatted RSA key
