JWT must always be verified

Metadata

ID: csharp-security/jwt-verify

Language: C#

Severity: Warning

Category: Security

CWE: 347

Description

Disabling JWT validation may lead to unauthorized access, because the claims in a token whose signature was never checked cannot be trusted. Make sure that tokens are always verified.

Non-Compliant Code Examples

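using JWT; // assumes the JWT.Net package, which provides JwtDecoder

class MyClass {
    // decoder, token and secret are supplied by the caller
    public static void decodePayload(JwtDecoder decoder, string token, string secret)
    {
        // Non-compliant: verification is disabled, so the signature is never checked
        decoder.Decode(token, secret, false);
        decoder.Decode(token, secret, verify: false);
    }
}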

Compliant Code Examples

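using JWT; // assumes the JWT.Net package, which provides JwtDecoder

class MyClass {
    // decoder, token and secret are supplied by the caller
    public static void decodePayload(JwtDecoder decoder, string token, string secret)
    {
        // Compliant: the signature is verified before the payload is returned
        decoder.Decode(token, secret, true);
        decoder.Decode(token, secret, verify: true);
    }
}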
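
What the verification step protects, shown as an added example that is not part of the original rule page or of any JWT library: a minimal HS256 check written against the .NET 6+ base class library only. The class `JwtVerifyDemo`, its helpers, the key and the token contents are all constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JwtVerifyDemo
{
    static string B64Url(byte[] d) =>
        Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));

    static byte[] Mac(string signingInput, byte[] key) =>
        HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(signingInput));

    // Hypothetical issuer helper so the demo has a validly signed token.
    static string Sign(string payloadJson, byte[] key)
    {
        string input = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"))
                     + "." + B64Url(Encoding.UTF8.GetBytes(payloadJson));
        return input + "." + B64Url(Mac(input, key));
    }

    // Returns the payload JSON only when the HS256 signature matches the key.
    static string DecodeVerified(string token, byte[] key)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) throw new FormatException("expected header.payload.signature");
        using JsonDocument header = JsonDocument.Parse(Encoding.UTF8.GetString(FromB64Url(p[0])));
        // Pin the algorithm instead of trusting whatever the token header declares.
        if (header.RootElement.GetProperty("alg").GetString() != "HS256")
            throw new CryptographicException("unexpected alg");
        // Constant-time comparison of the recomputed MAC with the presented one.
        if (!CryptographicOperations.FixedTimeEquals(Mac(p[0] + "." + p[1], key), FromB64Url(p[2])))
            throw new CryptographicException("signature mismatch");
        return Encoding.UTF8.GetString(FromB64Url(p[1]));
    }

    static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-secret"); // constructed value
        string token = Sign("{\"sub\":\"alice\",\"role\":\"user\"}", key);
        Console.WriteLine(DecodeVerified(token, key));
        // Constructed altered token: payload replaced after signing, old signature reused.
        string[] p = token.Split('.');
        string newPayload = B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"alice\",\"role\":\"admin\"}"));
        try { DecodeVerified(p[0] + "." + newPayload + "." + p[2], key); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

A decoder called with verification disabled skips the two checks in `DecodeVerified` and returns the altered payload as if it were genuine.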