/// <summary>
/// Decodes <paramref name="token"/> after calling MustVerifySignature() on the builder and
/// returns the dictionary stored under the decoded token's "payload" entry.
/// </summary>
/// <param name="token">The serialized JWT to decode.</param>
/// <returns>
/// The "payload" dictionary, or whatever TryGetValue leaves in the out variable (normally
/// <c>null</c>) when the decoded token has no "payload" entry.
/// </returns>
/// <remarks>
/// Nothing is caught here: any exception raised while decoding or verifying reaches the caller.
/// A <c>null</c> result means the token carried no "payload" entry, so callers should treat it
/// as a rejected token rather than as an empty claim set.
/// </remarks>
public IDictionary<string, string> Decode(string token)
{
    // Signature verification is requested on the builder before any claim is read.
    IDictionary<string, IDictionary<string, string>> sections = _builder
        .MustVerifySignature()
        .Decode<IDictionary<string, IDictionary<string, string>>>(token);

    // The lookup result is deliberately ignored; a miss leaves the out variable unset.
    IDictionary<string, string> payload;
    sections.TryGetValue("payload", out payload);
    return payload;
}
/// <summary>
/// Decodes <paramref name="token"/> after calling MustVerifySignature() on the builder and
/// maps its "Id", "Email" and "Role" claims onto a new <see cref="User"/>.
/// </summary>
/// <param name="token">The serialized JWT to verify.</param>
/// <returns>
/// The user described by the claims, or <c>null</c> when a TokenExpiredException or a
/// SignatureVerificationException is thrown.
/// </returns>
/// <remarks>
/// Only those two exception types are handled. A missing claim, or a claim whose boxed value is
/// not an Int64 (for "Id" and "Role") or a string (for "Email"), fails in the indexer or the cast
/// and that exception propagates to the caller.
/// </remarks>
public User Verify(string token)
{
    try
    {
        IDictionary<string, object> claims = Builder
            .MustVerifySignature()
            .Decode<IDictionary<string, object>>(token);

        return new User
        {
            // NOTE(review): the long -> int narrowing is unchecked unless the project enables
            // overflow checking, so an out-of-range id would wrap silently - confirm.
            Id = (int)(long)claims["Id"],
            Email = (string)claims["Email"],
            // NOTE(review): the numeric claim is cast to UserRole without an Enum.IsDefined
            // check; the role is only as trustworthy as the verified signature - confirm that
            // the issuer is the sole source of this claim.
            Role = (UserRole)(long)claims["Role"],
        };
    }
    catch (TokenExpiredException)
    {
        // An expired token is reported to the caller as "no user".
        return null;
    }
    catch (SignatureVerificationException)
    {
        // A token whose signature does not verify is reported the same way.
        return null;
    }
}
// Reads as an analyzer test fixture: every Decode call either carries a trailing marker comment
// (the analyzer is expected to report it) or carries none (expected to pass). The statements and
// the marker comments are kept exactly as written because the harness presumably matches them by
// line; the comments added here avoid the marker keyword on purpose.
void DecodingWithBuilder()
{
    // No verification call anywhere in the chain: expected to be reported, with the full message.
    var decoded1 = new JwtBuilder() // Noncompliant {{Use only strong cipher algorithms when verifying the signature of this JWT.}}
        .WithSecret(secret)
        .Decode(invalidToken);

    // MustVerifySignature() precedes Decode: expected to pass.
    var decoded2 = new JwtBuilder()
        .WithSecret(secret)
        .MustVerifySignature()
        .Decode(invalidToken);

    // The builder is stored in a local first; the expectation follows the local to its Decode call.
    var builder1 = new JwtBuilder().WithSecret(secret);
    builder1.Decode(invalidToken); // Noncompliant

    // Same local, used from inside nested try/if blocks.
    try
    {
        if (true)
        {
            builder1.Decode(invalidToken); // Noncompliant, tracking outside nested block
        }
    }
    finally
    {
    }

    // Verification is added when the second local is initialised from the first: expected to pass.
    var builder2 = builder1.MustVerifySignature();
    builder2.Decode(invalidToken);

    // Verification is part of the initialiser chain: expected to pass.
    var builder3 = new JwtBuilder().WithSecret(secret).MustVerifySignature();
    builder3.Decode(invalidToken);

    // Redundant parentheses around the initialiser do not change the expectation.
    var builder4 = (((new JwtBuilder()).WithSecret(secret)));
    builder4.Decode(invalidToken); // Noncompliant

    // Verification explicitly switched off.
    var builder5 = new JwtBuilder().WithSecret(secret).DoNotVerifySignature();
    builder5.Decode(invalidToken); // Noncompliant

    // The four chains below mix enabling and disabling calls. Going by the markers, the
    // expectation follows the last verification-related call before Decode.

    // Ends with DoNotVerifySignature(): expected to be reported.
    var decoded11 = new JwtBuilder() // Noncompliant
        .WithSecret(secret)
        .WithVerifySignature(true)
        .MustVerifySignature()
        .DoNotVerifySignature()
        .Decode(invalidToken);

    // Ends with MustVerifySignature(): expected to pass.
    var Decoded12 = new JwtBuilder()
        .WithSecret(secret)
        .WithVerifySignature(false)
        .DoNotVerifySignature()
        .MustVerifySignature()
        .Decode(invalidToken);

    // Ends with WithVerifySignature(true): expected to pass.
    var Decoded21 = new JwtBuilder()
        .WithSecret(secret)
        .DoNotVerifySignature()
        .WithVerifySignature(false)
        .WithVerifySignature(true)
        .Decode(invalidToken);

    // Ends with WithVerifySignature(false): expected to be reported.
    var Decoded31 = new JwtBuilder() // Noncompliant
        .WithSecret(secret)
        .MustVerifySignature()
        .WithVerifySignature(true)
        .WithVerifySignature(false)
        .Decode(invalidToken);
}