The parse method does not throw an error when it parses an unsigned JSON web token (JWT). This could result in downgrade attacks. Instead, use the parseClaimsJws method.
parse
parseClaimsJws