67 lines
1.2 KiB
Plaintext
67 lines
1.2 KiB
Plaintext
== How to fix it in Auth0 JWT
|
|
|
|
=== Code examples
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
import com.auth0.jwt.JWT;
|
|
|
|
public void encode() {
|
|
JWT.create()
|
|
.withSubject(SUBJECT)
|
|
.sign(Algorithm.none()); // Noncompliant
|
|
}
|
|
----
|
|
|
|
[source,java,diff-id=2,diff-type=noncompliant]
|
|
----
|
|
import com.auth0.jwt.JWT;
|
|
|
|
public void decode() {
|
|
JWTVerifier verifier = JWT.require(Algorithm.none()) // Noncompliant
|
|
.withSubject(LOGIN)
|
|
.build();
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,java,diff-id=1,diff-type=compliant]
|
|
----
|
|
import com.auth0.jwt.JWT;
|
|
|
|
public void encode() {
|
|
JWT.create()
|
|
.withSubject(SUBJECT)
|
|
.sign(Algorithm.HMAC256(SECRET_KEY));
|
|
}
|
|
----
|
|
|
|
[source,java,diff-id=2,diff-type=compliant]
|
|
----
|
|
import com.auth0.jwt.JWT;
|
|
|
|
public void decode() {
|
|
JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET_KEY))
|
|
.withSubject(LOGIN)
|
|
.build();
|
|
}
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/encode.adoc[]
|
|
|
|
include::../../common/fix/decode.adoc[]
|
|
|
|
=== Going the extra mile
|
|
|
|
include::../../common/extra-mile/key-storage.adoc[]
|
|
|
|
include::../../common/extra-mile/key-rotation.adoc[]
|
|
|