rspec/rules/S5659/python/how-to-fix-it/pyjwt.adoc

== How to fix it in PyJWT

=== Code examples

include::../../common/fix/code-rationale-decode.adoc[]

==== Noncompliant code example

[source,python,diff-id=1,diff-type=noncompliant]
----
import jwt

jwt.decode(token, options={"verify_signature":False}) # Noncompliant
----

==== Compliant solution

By default, verification is enabled for the method `decode`.

[source,python,diff-id=1,diff-type=compliant]
----
import jwt

jwt.decode(token, key, algorithms="HS256")
----

=== How does this work?

include::../../common/fix/decode.adoc[]

=== Going the extra mile

include::../../common/extra-mile/key-storage.adoc[]

include::../../common/extra-mile/key-rotation.adoc[]
Modify rule S5659: LaYC format (#2272) 2023-06-28 16:26:16 +02:00			`== How to fix it in PyJWT`

			`=== Code examples`

			`include::../../common/fix/code-rationale-decode.adoc[]`

			`==== Noncompliant code example`

			`[source,python,diff-id=1,diff-type=noncompliant]`
			`----`
			`import jwt`

Improve code example (#3461) 2023-11-24 14:27:13 +01:00			`jwt.decode(token, options={"verify_signature":False}) # Noncompliant`
Modify rule S5659: LaYC format (#2272) 2023-06-28 16:26:16 +02:00			`----`

			`==== Compliant solution`

			By default, verification is enabled for the method `decode`.

			`[source,python,diff-id=1,diff-type=compliant]`
			`----`
			`import jwt`

			`jwt.decode(token, key, algorithms="HS256")`
			`----`

			`=== How does this work?`

			`include::../../common/fix/decode.adoc[]`

			`=== Going the extra mile`

			`include::../../common/extra-mile/key-storage.adoc[]`

			`include::../../common/extra-mile/key-rotation.adoc[]`