let stdout to be unverified

Makefile

@@ -18,7 +18,7 @@ build:
 
 ## Runs the app
 run:  
-	@cargo fmt && make lint && CARGO_INCREMENTAL=1 cargo run
+	@echo cargo fmt && make lint && CARGO_INCREMENTAL=1 cargo run -- $(filter-out $@, $(MAKECMDGOALS))
 
 ## Run clippy
 lint:  

README.md

@@ -39,9 +39,9 @@ Crafted by
   - **RSA** - `RS{256,384,512}`, `PS{256,384,512}`: PEM file, DER file, PKCS8 file, JWKS (JSON text and `.json` file)
   - **ECDSA** - `ES{256,384}`: PEM file, DER file, PKCS8 file, JWKS (JSON text and `.json` file)
   - **EdDSA** : PEM file, DER file, PKCS8 file, JWKS (JSON text and `.json` file)
-  - - Note: JWKS support is only for decoding
+  - - Note: JWKS support is only for decoding. For encoding use PEM/DER/PKCS8 files for RSA/ECDSA/EdDSA and plain/base64 text for HMAC
 - Dark/Light themes
-- Sensible keyboard shortcuts
+- Sensible keyboard shortcuts and Mouse support
 - Copy to clipboard
 - STDOUT mode
 
@@ -126,6 +126,9 @@ jwtui -S $(curl https://domain.auth0.com/.well-known/jwks.json) [TOKEN]
 # Print decoded token to stdout with HMAC plain text secret
 jwtui -s -S 'plain_text_secret' [TOKEN]
 
+# Print decoded token to stdout without signature validation.
+jwtui -sn [TOKEN]
+
 # Print decoded token to stdout with HMAC base64 encoded secret
 jwtui -s -S 'b64:eW91ci0yNTYtYml0LXNlY3JldAo=' [TOKEN]
 
@@ -143,10 +146,11 @@ Arguments:
 
 Options:
 
-- `-s, --stdout` whether the CLI should run in TUI mode or just print to stdout
-- `-j, --json` whether stdout should be formatted as JSON
+- `-S, --secret <SECRET>` Secret for validating the JWT. Can be text, file path (beginning with @) or base64 encoded string (beginning with b64:) [default: ]
+- `-s, --stdout` Print to STDOUT instead of starting the CLI in TUI mode
+- `-n, --no-verify` Do not validate the signature of the JWT when printing to STDOUT.
+- `-j, --json` Format STDOUT as JSON
 - `-t, --tick-rate <TICK_RATE>` Set the tick rate (milliseconds): the lower the number the higher the FPS. Must be less than 1000 [default: 250]
-- `-S, --secret <SECRET>` secret for validating the JWT. Can be text, file path (beginning with @) or base64 encoded string (beginning with b64:) [default: ]
 - `-h, --help` Print help
 - `-V, --version` Print version
 
@@ -174,9 +178,9 @@ If you are looking for a non TUI CLI, check out [jwt-cli](https://github.com/mik
 
 ## Limitations/Known issues
 
-- Copy to clipboard is not supported on `aarch64` and `arm` machines.
-- [macOS] KDash looks better on iTerm2 since macOS's default Terminal app makes the colors render weird.
-- [Windows] KDash looks better on CMD since Powershell's default theme makes the colors look weird.
+- **[Linux/Docker]** Copy to clipboard feature is OS/arch dependent and might crash in some Linux distros and is not supported on `aarch64` and `arm` machines.
+- **[macOS]** KDash looks better on iTerm2 since macOS's default Terminal app makes the colors render weird.
+- **[Windows]** KDash looks better on CMD since Powershell's default theme makes the colors look weird.
 
 ## Libraries used
 

src/app/jwt_decoder.rs

@@ -135,7 +135,7 @@ pub(super) struct DecodeArgs {
 }
 
 /// decode the given JWT token and verify its signature if secret is provided
-pub fn decode_jwt_token(app: &mut App) {
+pub fn decode_jwt_token(app: &mut App, no_verify: bool) {
   let token = app.data.decoder.encoded.input.value();
   if !token.is_empty() {
     let secret = app.data.decoder.secret.input.value();
@@ -153,7 +153,9 @@ pub fn decode_jwt_token(app: &mut App) {
         app.data.decoder.set_decoded(Some(decoded));
       }
       (Ok(decoded), Err(e)) => {
-        app.handle_error(e);
+        if !no_verify {
+          app.handle_error(e);
+        }
         app.data.decoder.signature_verified = false;
         app.data.decoder.set_decoded(Some(decoded));
       }

src/app/mod.rs

@@ -227,7 +227,7 @@ impl App {
 
   pub fn on_tick(&mut self) {
     match self.get_current_route().id {
-      RouteId::Decoder => decode_jwt_token(self),
+      RouteId::Decoder => decode_jwt_token(self, false),
       RouteId::Encoder => encode_jwt_token(self),
       RouteId::Help => { /* nothing to do */ }
     }

src/main.rs

@@ -31,22 +31,25 @@ use crate::app::jwt_decoder::decode_jwt_token;
 #[derive(Parser, Debug)]
 #[command(author, version, about, long_about = None, before_help = BANNER)]
 pub struct Cli {
-  /// JWT token to decode [mandatory for stdout mode, optional for TUI mode]
+  /// JWT token to decode [mandatory for stdout mode, optional for TUI mode].
   #[clap(index = 1)]
   #[clap(value_parser)]
   pub token: Option<String>,
-  /// whether the CLI should run in TUI mode or just print to stdout
+  /// Secret for validating the JWT. Can be text, file path (beginning with @) or base64 encoded string (beginning with b64:).
+  #[arg(short = 'S', long, value_parser, default_value = "")]
+  pub secret: String,
+  /// Print to STDOUT instead of starting the CLI in TUI mode.
   #[arg(short, long, value_parser, default_value_t = false)]
   pub stdout: bool,
-  /// whether stdout should be formatted as JSON
+  /// Do not validate the signature of the JWT when printing to STDOUT.
+  #[arg(short, long, value_parser, default_value_t = false)]
+  pub no_verify: bool,
+  /// Format STDOUT as JSON.
   #[arg(short, long, value_parser, default_value_t = false)]
   pub json: bool,
   /// Set the tick rate (milliseconds): the lower the number the higher the FPS. Must be less than 1000.
   #[arg(short, long, value_parser, default_value_t = 250)]
   pub tick_rate: u64,
-  /// secret for validating the JWT. Can be text, file path (beginning with @) or base64 encoded string (beginning with b64:)
-  #[arg(short = 'S', long, value_parser, default_value = "")]
-  pub secret: String,
 }
 
 type Result<T> = std::result::Result<T, Box<dyn Error>>;
@@ -76,7 +79,7 @@ fn main() -> Result<()> {
 fn to_stdout(cli: Cli) {
   let mut app = App::new(cli.tick_rate, cli.token.clone(), cli.secret.clone());
   // print decoded result to stdout
-  decode_jwt_token(&mut app);
+  decode_jwt_token(&mut app, cli.no_verify);
   if app.data.error.is_empty() && app.data.decoder.is_decoded() {
     print_decoded_token(app.data.decoder.get_decoded().as_ref().unwrap(), cli.json);
   } else {