forked from rohitcoderCdefense/vulnCodes
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCWE-613.cs
32 lines (28 loc) · 1.09 KB
/
CWE-613.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;
namespace JWT
{
class Program
{
static void Main(string[] args)
{
var key = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes("secret"));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, "1234567890"),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64)
};
var token = new JwtSecurityToken(
issuer: "https://localhost:5001",
audience: "https://localhost:5001",
claims: claims,
expires: DateTime.Now.AddHours(1),
signingCredentials: creds);
Console.WriteLine(new JwtSecurityTokenHandler().WriteToken(token));
}
}
}