public void Authenticated_RejectButHasPayloadForTokensWithInvalidSignature()
{
var differingEncryptor = HmacEncryptor.CreateSha512("secret");
var result = new Authenticator(_encryptor).Authenticate(CreateAcceptableJwtToken(differingEncryptor));
AssertBadSignature(result);
}
public void Authenticated_RejectButHasPayloadForTokensWhichAreNotLabelledToUseTheSameEncryptionAlgorithm()
{
var encryptor = HmacEncryptor.CreateSha512("secret");
var header = new JObject();
header["alg"] = "HS256";
header["typ"] = "JWT";
var result = new Authenticator(encryptor).Authenticate(CreateJwtToken(header, CreateAcceptablePayload(), encryptor));
AssertMismatchedHeaders(result);
}