== How to fix it in jsonwebtoken

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,javascript,diff-id=1,diff-type=noncompliant]
----
const jwt = require('jsonwebtoken');

jwt.sign(payload, key, { algorithm: 'none' }); // Noncompliant
----

[source,javascript,diff-id=2,diff-type=noncompliant]
----
const jwt = require('jsonwebtoken');

jwt.verify(token, key, {
    expiresIn: 360000,
    algorithms: ['none'] // Noncompliant
}, callbackcheck);
----

==== Compliant solution

[source,javascript,diff-id=1,diff-type=compliant]
----
const jwt = require('jsonwebtoken');

jwt.sign(payload, key, { algorithm: 'HS256' });
----

[source,javascript,diff-id=2,diff-type=compliant]
----
const jwt = require('jsonwebtoken');

jwt.verify(token, key, {
    expiresIn: 360000,
    algorithms: ['HS256']
}, callbackcheck);
----

=== How does this work?

include::../../common/fix/encode.adoc[]

include::../../common/fix/decode.adoc[]

=== Going the extra mile

include::../../common/extra-mile/key-storage.adoc[]

include::../../common/extra-mile/key-rotation.adoc[]