don't pass verify=False to jwt.decode()

it has been deprecated since pyjwt-1.1.0 (2015, jpadilla/pyjwt#134)
and ignored entirely since pyjwt-2.0.0 (jpadilla/pyjwt#515)

src/scitokens/scitokens.py

@@ -284,7 +284,7 @@ def deserialize(serialized_token, audience=None, require_key=False, insecure=Fal
         serialized_jwt = info[0] + "." + info[1] + "." + info[2]
 
         unverified_headers = jwt.get_unverified_header(serialized_jwt)
-        unverified_payload = jwt.decode(serialized_jwt, verify=False, algorithms=['RS256', 'ES256'],
+        unverified_payload = jwt.decode(serialized_jwt, algorithms=['RS256', 'ES256'],
                                         options={"verify_signature": False})
 
         # Get the public key from the issuer

tests/create_sample_token.py

@@ -80,7 +80,7 @@ def main():
     #numbers = loaded_private_key.private_numbers()
 
     flattened = {}
-    flattened['payload'] = jwt.decode(token_encoded, verify=False)
+    flattened['payload'] = jwt.decode(token_encoded)
     flattened['protected'] = jwt.get_unverified_header(token_encoded)
     flattened['signature'] = token_encoded.split(".")[-1]
 
@@ -105,7 +105,7 @@ def main():
     child_token_encoded = jwt.encode({"read": "/ligo/brian"}, serialized_child_private, algorithm="ES256",
                                      headers={"pwt": pwt})
     flattened = {}
-    flattened['payload'] = jwt.decode(child_token_encoded, verify=False)
+    flattened['payload'] = jwt.decode(child_token_encoded)
     flattened['protected'] = jwt.get_unverified_header(child_token_encoded)
     flattened['signature'] = child_token_encoded.split(".")[-1]
     flattened['key'] = private_jwk