Removed the verification_key emptiness guard. Allowing nils as verifi…

…cation keys

lib/jwt/default_decoder.rb

@@ -3,6 +3,7 @@
 require_relative 'x5c_key_finder'
 
 module JWT
+  # This class contains the old logic for decoding JWT tokens. Preserving backwards compatibility as best as possible.
   class DefaultDecoder
     def self.define_decoder(options) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
       JWT.define do
@@ -68,7 +69,6 @@ def decode_segments
 
     def verify_signature
       return if none_algorithm?
-      raise JWT::DecodeError, 'No verification key available' if decode_context.verification_keys.empty?
 
       return if decode_context.valid_signature?
 

spec/jwt_spec.rb

@@ -336,11 +336,6 @@
       end.to raise_error NotImplementedError
     end
 
-    it 'raises "No verification key available" error' do
-      token = JWT.encode({}, 'foo')
-      expect { JWT.decode(token, nil, true) }.to raise_error(JWT::DecodeError, 'No verification key available')
-    end
-
     it 'ECDSA curve_name should raise JWT::IncorrectAlgorithm' do
       key = OpenSSL::PKey::EC.generate('secp256k1')
 
@@ -758,14 +753,6 @@
     end
   end
 
-  describe 'when token signed with nil and decoded with nil' do
-    let(:no_key_token) { ::JWT.encode(payload, nil, 'HS512') }
-    it 'raises JWT::DecodeError' do
-      pending 'Different behaviour on OpenSSL 3.0 (https://github.com/openssl/openssl/issues/13089)' if ::JWT.openssl_3_hmac_empty_key_regression?
-      expect { ::JWT.decode(no_key_token, nil, true, algorithms: 'HS512') }.to raise_error(JWT::DecodeError, 'No verification key available')
-    end
-  end
-
   context 'when multiple algorithms given' do
     let(:token) { JWT.encode(payload, 'secret', 'HS256') }