Should jwsDecode return null if payload is not valid JSON?

[dschenkelman]

First of all: awesome library, we use it a lot at Auth0!

Does the issue question make sense? It would require a try/catch around this line:
https://github.com/brianloveswords/node-jws/blob/master/lib/verify-stream.js#L71

I think it should as that is how other invalid cases are dealt with. I'm will send the PR if you tell me that is OK.

Thanks!

[dschenkelman]

It was just a bit of code, I went ahead and created the PR: #24

[omsmith]

Seems it might be for this particular case, given we're trying to parse json within the library.

Seems to me like we shouldn't be attempting to parse json at all though really, better off sending along the utf8 (or otherwise encoded) string and let the consumer/jwt library deal with that.

Would be a breaking change. Thoughts?

[santiagoaguiar]

The header is already checked using safeJsonParse at:
https://github.com/brianloveswords/node-jws/blob/master/lib/verify-stream.js#L23

Given the current behavior where other malformed cases (invalid header, invalid jws) are already returned as null, it seems using safeJsonParse should be the right way to do it.

Given this was raised more than a year ago, my hopes aren't high :).