Without using signature, to find the payload:
jws = header . payload . signature(header.payload.secret)
The important point here is that you (not JWT) are
violating the specification by manipulating the JWS, and you're doing it
in a calculated way based on your specific use case. This is fine for
individual use cases, but...
