== How to fix it in Jwt.Net

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,vbnet,diff-id=1,diff-type=noncompliant]
----
Imports JWT

Public Sub Decode(decoder AS IJwtDecoder)
    Dim decoded As String = decoder.Decode(token, secret, verify:= false) ' Noncompliant
End Sub
----

[source,vbnet,diff-id=2,diff-type=noncompliant]
----
Imports JWT

Public Sub Decode()
    Dim decoded As String = new JwtBuilder()
        .WithSecret(secret)
        .Decode(token) ' Noncompliant
End Sub
----

==== Compliant solution

[source,vbnet,diff-id=1,diff-type=compliant]
----
Imports JWT

Public Sub Decode(decoder AS IJwtDecoder)
    Dim decoded As String = decoder.Decode(token, secret, verify:= true)
End Sub
----

When using `JwtBuilder`, make sure to call `MustVerifySignature()`.

[source,vbnet,diff-id=2,diff-type=compliant]
----
Imports JWT

Public Sub Decode()
    Dim decoded As String = new JwtBuilder()
        .WithSecret(secret)
        .MustVerifySignature()
        .Decode(token)
End Sub
----

=== How does this work?

include::../../common/fix/decode.adoc[]

=== Going the extra mile

include::../../common/extra-mile/key-storage.adoc[]

include::../../common/extra-mile/key-rotation.adoc[]