Some APIs require you to read a JWT header without validation. For example, in situations where the token issuer uses multiple keys and you have no way of .