docs: make decode impossible to discover before verify

see #741
auth0 · Sep 10, 2020 · a46097e · a46097e
1 parent 15a1bc4
commit a46097e
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -231,6 +231,9 @@ jwt.verify(token, getKey, options, function(err, decoded) {
 
 ```
 
+<details>
+<summary><em></em>Need to peak into a JWT without verifying it? (Click to expand)</summary>
+
 ### jwt.decode(token [, options])
 
 (Synchronous) Returns the decoded payload without verifying if the signature is valid.
@@ -259,6 +262,8 @@ console.log(decoded.header);
 console.log(decoded.payload)
 ```
 
+</details>
+
 ## Errors & Codes
 Possible thrown errors during verification.
 Error is the first argument of the verification callback.