# File lib/omniauth/auth0/jwt_validator.rb, line 30
      def decode(jwt)
        head = token_head(jwt)

        # Make sure the algorithm is supported and get the decode key.
        decode_key = @client_secret
        if head[:alg] == 'RS256'
          decode_key = rs256_decode_key(head[:kid])
        elsif head[:alg] != 'HS256'
          raise JWT::VerificationError, :id_token_alg_unsupported
        end

        # Docs: https://github.com/jwt/ruby-jwt#algorithms-and-usage
        JWT.decode(jwt, decode_key, true, decode_opts(head[:alg]))
      end