Must we specify algorithm when calling decode to avoid vulnerabilities?

[aarongray]

First of all, cool library. I was reading through the closed issues, and noticed #76. It seems to suggest that in order to be sure you are safe from this vulnerability affecting RSA and ECDSA algorithms, you need to specify the algorithm when decoding a JWT, like so: JWT.decode(token, key, true, algorithm: 'RS512'). So I then read through the readme for this library, but did not see this algorithm parameter mentioned anywhere in the readme. So now I'm confused and a little concerned.

Has the need to specify the optional algorithm parameter been removed due to a commit somewhere that made this library more secure by default? (That would be good)
Or must users specify this optional, undocumented algorithm parameter in order to be secure? (That would be bad)

If the latter is the case, I'm happy to help update the docs to clearly explain the algorithm needs to be passed in to keep things more secure.

[excpt]

Hi Aaron. You have to specify the algorithm to enable the verification (see lib/jwt.rb line 152 to 158: https://github.com/jwt/ruby-jwt/blob/master/lib/jwt.rb#L152). There is no other way to be sure. It has to be specified.

If your server receives a token, only your server knows the original algorithm that has been used to encode the token.

IMHO there's currently no better way to implement this.

[aarongray]

Sounds good, thanks for the clarification. I'll be happy to make a PR to update the docs to make it more clear to new users.

[excpt]

Thanks for the pull request. Merged. 👍