57 lines
1.1 KiB
Plaintext
57 lines
1.1 KiB
Plaintext
== How to fix it in jsonwebtoken
|
|
|
|
=== Code examples
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,javascript,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
const jwt = require('jsonwebtoken');
|
|
|
|
jwt.sign(payload, key, { algorithm: 'none' }); // Noncompliant
|
|
----
|
|
|
|
[source,javascript,diff-id=2,diff-type=noncompliant]
|
|
----
|
|
const jwt = require('jsonwebtoken');
|
|
|
|
jwt.verify(token, key, {
|
|
expiresIn: 360000,
|
|
algorithms: ['none'] // Noncompliant
|
|
}, callbackcheck);
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,javascript,diff-id=1,diff-type=compliant]
|
|
----
|
|
const jwt = require('jsonwebtoken');
|
|
|
|
jwt.sign(payload, key, { algorithm: 'HS256' });
|
|
----
|
|
|
|
[source,javascript,diff-id=2,diff-type=compliant]
|
|
----
|
|
const jwt = require('jsonwebtoken');
|
|
|
|
jwt.verify(token, key, {
|
|
expiresIn: 360000,
|
|
algorithms: ['HS256']
|
|
}, callbackcheck);
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/encode.adoc[]
|
|
|
|
include::../../common/fix/decode.adoc[]
|
|
|
|
=== Going the extra mile
|
|
|
|
include::../../common/extra-mile/key-storage.adoc[]
|
|
|
|
include::../../common/extra-mile/key-rotation.adoc[]
|
|
|