Failing to verify a user's identity results in improper authentication. This can allow an attacker to gain privileges and access sensitive data in your application.
def improper_authentication_noncompliant(token):
    """Decode *token* WITHOUT checking its signature (deliberately insecure example).

    Args:
        token: an encoded JWT received from the caller, i.e. untrusted input.

    Returns:
        None; the decoded payload is discarded.
    """
    import jwt
    # Noncompliant: verification is switched off, so the library accepts the
    # claims of any token regardless of who signed it (or whether it was
    # signed at all). Nothing derived from those claims -- identity, roles,
    # expiry -- can be trusted.
    # NOTE(review): `verify=...` is the pre-2.0 PyJWT keyword; in PyJWT 2.x it
    # was removed and signature checking is controlled through
    # `options={"verify_signature": ...}` -- confirm the library version in use.
    jwt.decode(token, verify=False)
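def improper_authentication_compliant(token, key="", algorithms=None):
    """Decode *token* only after its signature has been verified.

    Args:
        token: an encoded JWT received from the caller, i.e. untrusted input.
        key: the HMAC secret or public key the signature must validate
            against. The empty default mirrors the library default and will
            not validate a genuinely signed token; callers should pass the
            real verification key.
        algorithms: allowlist of accepted signing algorithms (for example
            ``["HS256"]``). Pinning it here means the algorithm is chosen by
            the verifier, not read from the untrusted token header.

    Returns:
        The verified claims, as returned by ``jwt.decode``.

    Raises:
        Whatever ``jwt.decode`` raises for a token that is malformed, expired
        or fails verification (subclasses of ``jwt.InvalidTokenError``).
    """
    import jwt
    # Compliant: signature verification stays enabled. Expressing it through
    # `options["verify_signature"]` works with both the pre-2.0 API (which also
    # accepted `verify=True`) and PyJWT 2.x, where the bare `verify` keyword no
    # longer exists. The key and algorithm allowlist are passed explicitly so
    # the decision of what counts as a valid token is made here, not by the
    # token's own header.
    return jwt.decode(
        token,
        key,
        algorithms=algorithms,
        options={"verify_signature": True},
    )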