68 lines
1.2 KiB
Plaintext
68 lines
1.2 KiB
Plaintext
== How to fix it in Jwt.Net
|
|
|
|
=== Code examples
|
|
|
|
include::../../common/fix/code-rationale-decode.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,csharp,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
using JWT;
|
|
|
|
public static void decode(IJwtDecoder decoder)
|
|
{
|
|
decoder.Decode(token, secret, verify: false); // Noncompliant
|
|
}
|
|
----
|
|
|
|
[source,csharp,diff-id=2,diff-type=noncompliant]
|
|
----
|
|
using JWT;
|
|
|
|
public static void decode()
|
|
{
|
|
var jwt = new JwtBuilder()
|
|
.WithSecret(secret)
|
|
.Decode(token); // Noncompliant
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,csharp,diff-id=1,diff-type=compliant]
|
|
----
|
|
using JWT;
|
|
|
|
public static void decode(IJwtDecoder decoder)
|
|
{
|
|
decoder.Decode(token, secret, verify: true);
|
|
}
|
|
----
|
|
|
|
When using `JwtBuilder`, make sure to call `MustVerifySignature()`.
|
|
|
|
[source,csharp,diff-id=2,diff-type=compliant]
|
|
----
|
|
using JWT;
|
|
|
|
public static void decode()
|
|
{
|
|
var jwt = new JwtBuilder()
|
|
.WithSecret(secret)
|
|
.MustVerifySignature()
|
|
.Decode(token);
|
|
}
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/decode.adoc[]
|
|
|
|
=== Going the extra mile
|
|
|
|
include::../../common/extra-mile/key-storage.adoc[]
|
|
|
|
include::../../common/extra-mile/key-rotation.adoc[]
|
|
|