make JwtJson4s.parseClaim, JwtJson4s.parseHeader publicly accessible

Hi,

I am not able to use JwtJson4s.decode() without first getting the publicKey (since my signature is always non-empty). But in order to get the publicKey, my specific approach to using JWT involves looking up the publicKey from a database using the so-called kid header claim.

So, the process is:

1. decode the claims
2. check if the claims are expired (if not continue)
3. decode the header
4. get the kid from the decoded header
5. select the corresponding publicKey from the database based on the kid
6. using the publicKey, validate

This means I ended up copying and pasting the parse boilerplate of these protected methods, that way I didn’t need any key to decode the claims:

val parts = token.split("\\.")
val claims = JwtJson4s.readClaim(parse(JwtBase64.decodeString(parts(1))))
val keyId = extractString(parse(JwtBase64.decodeString(parts(0))), "kid").get

Would it be alright to make those methods publicly accessible for this fairly common use case? Or, could there be a decodeAll method that did not perform validate?

Here is the boilerplate used above that it would help to avoid:

protected def parse(value: String): JObject = jparse(value) match {
    case res: JObject => res
    case _ => throw new RuntimeException(s"Couldn't parse [$value] to a JObject")
  }

  private def extractString(json: JObject, fieldName: String): Option[String] = (json \ fieldName) match {
    case JString(value) => Option(value)
    case JNull => None
    case JNothing => None
    case _ => throw new JwtNonStringException(fieldName)
  }