From e1105be4ae4c53eeac3b47355c78010dbee4db65 Mon Sep 17 00:00:00 2001 From: Micah Morrison Date: Fri, 9 Jun 2023 00:35:29 -0400 Subject: [PATCH 1/3] Fix JWT key validation --- .../JwtDecoderEncoder/JwtDecoder.cs | 8 ++- .../JwtDecoderControlViewModel.cs | 21 ++++---- .../JwtEncoderControlViewModel.cs | 2 +- .../Providers/Tools/JwtDecoderEncoderTests.cs | 16 +++--- .../Providers/Tools/JwtDecoderTests.cs | 52 +++++++++---------- 5 files changed, 51 insertions(+), 48 deletions(-) diff --git a/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoder.cs b/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoder.cs index 58a2fe33ff..969b05a105 100644 --- a/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoder.cs +++ b/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoder.cs @@ -33,12 +33,13 @@ public class JwtDecoder public TokenResult? DecodeToken( DecoderParameters decodeParameters, TokenParameters tokenParameters, - Action decodingErrorCallBack) + Action decodingErrorCallBack, out JwtAlgorithm? jwtAlgorithm) { Arguments.NotNull(decodeParameters, nameof(decodeParameters)); Arguments.NotNull(tokenParameters, nameof(tokenParameters)); _decodingErrorCallBack = Arguments.NotNull(decodingErrorCallBack, nameof(decodingErrorCallBack)); Arguments.NotNullOrWhiteSpace(tokenParameters.Token, nameof(tokenParameters.Token)); + jwtAlgorithm = null; var tokenResult = new TokenResult(); 
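Review bot: The new `out JwtAlgorithm? jwtAlgorithm` parameter on `DecodeToken` is undocumented, and the signature does not show that it carries an unverified value. It is set to null at entry and, in the next hunk, filled from the token header before any signature check runs. I would add `/// <param name="jwtAlgorithm">Algorithm read from the token header, not verified by any signature check; null if the header was never read.</param>` so callers do not treat it as a validated result. The "null if the header was never read" wording assumes the failure path leaves the initial null in place; that path is outside this hunk, as is the rest of the method body.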
@@ -49,7 +50,10 @@ public class JwtDecoder JwtSecurityToken jwtSecurityToken = handler.ReadJwtToken(tokenParameters.Token); tokenResult.Header = JsonHelper.Format(jwtSecurityToken.Header.SerializeToJson(), Indentation.TwoSpaces, false); tokenResult.Payload = JsonHelper.Format(jwtSecurityToken.Payload.SerializeToJson(), Indentation.TwoSpaces, false); - tokenResult.TokenAlgorithm = tokenParameters.TokenAlgorithm; + jwtAlgorithm = tokenResult.TokenAlgorithm = tokenParameters.TokenAlgorithm = + Enum.TryParse(jwtSecurityToken.SignatureAlgorithm, out JwtAlgorithm parsedAlgorithm) + ? parsedAlgorithm + : tokenParameters.TokenAlgorithm; if (decodeParameters.ValidateSignature) { diff --git a/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoderControlViewModel.cs b/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoderControlViewModel.cs index 155d8f03e8..a20d885b34 100644 --- a/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoderControlViewModel.cs +++ b/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoderControlViewModel.cs 
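Review bot: The assignment after `ReadJwtToken` lets the token's own `alg` header overwrite `tokenParameters.TokenAlgorithm` before `if (decodeParameters.ValidateSignature)` runs, so from here on the algorithm is chosen by the untrusted token rather than by the caller. If the validation code (outside this hunk) picks the key type or the accepted algorithms from that field, the token can steer its own check. Keeping the caller's value for validation and reporting a mismatch through the error callback would be safer than replacing it silently. `Enum.TryParse` also succeeds on numeric strings that name no enum member, so the condition should read `Enum.TryParse(jwtSecurityToken.SignatureAlgorithm, out JwtAlgorithm parsedAlgorithm) && Enum.IsDefined(typeof(JwtAlgorithm), parsedAlgorithm)`. An `alg` that does not parse currently falls back to the caller's value with no error, and the chained assignment mutates the caller's `tokenParameters`, which deserves at least a comment.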
@@ -70,33 +70,32 @@ public void Receive(JwtJobAddedMessage message) tokenParameters.ValidAudiences = ValidAudiences!.Split(',').ToHashSet(); } - TokenResult? result = _decoder.DecodeToken(decoderParamters, tokenParameters, TokenErrorCallBack); + TokenResult? result = _decoder.DecodeToken(decoderParamters, tokenParameters, TokenErrorCallBack, out JwtAlgorithm? jwtAlgorithm); ThreadHelper.RunOnUIThreadAsync(ThreadPriority.Low, () => { - if (result is null) - { - return; - } - - Header = result.Header; - Payload = result.Payload; - if (ValidateSignature) { RequireSignature = true; - if (result.TokenAlgorithm is + if (jwtAlgorithm is + not null and not JwtAlgorithm.HS256 and not JwtAlgorithm.HS384 and not JwtAlgorithm.HS512) { RequireSignature = false; } + } + if (result is null) + { + return; } - DisplayValidationInfoBar(); + Header = result.Header; + Payload = result.Payload; + DisplayValidationInfoBar(); if (ToolSuccessfullyWorked) { diff --git a/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtEncoderControlViewModel.cs b/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtEncoderControlViewModel.cs index 5343a1b3bf..78ec80d3b9 100644 --- a/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtEncoderControlViewModel.cs +++ b/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtEncoderControlViewModel.cs @@ -213,7 +213,7 @@ AlgorithmMode.Value is JwtAlgorithm.HS384 || { Token = result.Token; } - HasError = JwtValidation.IsValid!; + HasError = !JwtValidation.IsValid; if (ToolSuccessfullyWorked) { ToolSuccessfullyWorked = true; diff --git a/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderEncoderTests.cs b/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderEncoderTests.cs index f2ecbb8128..c6e037e423 100644 --- a/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderEncoderTests.cs +++ b/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderEncoderTests.cs 
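Review bot: In `Receive`, moving `if (result is null) return;` below the `RequireSignature` block means the key-input state is now updated even when decoding or validation failed, and nothing in the code says this ordering is deliberate. A later cleanup could easily move the null check back up and undo the fix. I would add a comment above the block such as `// Runs before the null check on purpose: a failed validation must still update RequireSignature from the token's alg.`, assuming that is the intent. It is also worth stating there that `jwtAlgorithm` comes from the unverified header and that a null value leaves `RequireSignature` at true. The lambda and the method continue outside this hunk.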
@@ -67,7 +67,7 @@ public async Task JwtDecoderEncoder_Generate_And_Decode_Basic_HS_Token_Without_S }; var jwtDecoder = new JwtDecoder(); - result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -126,7 +126,7 @@ public async Task JwtDecoderEncoder_Generate_And_Decode_Complex_HS_Token_With_Si ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -165,7 +165,7 @@ public async Task JwtDecoderEncoder_Generate_And_Decode_Basic_RS_Token_Without_S }; var jwtDecoder = new JwtDecoder(); - result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -222,7 +222,7 @@ public async Task JwtDecoderEncoder_Generate_And_Decode_Complex_RS_Token_With_Si ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); 
@@ -261,7 +261,7 @@ public async Task JwtDecoderEncoder_Generate_And_Decode_Basic_PS_Token_Without_S }; var jwtDecoder = new JwtDecoder(); - result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -318,7 +318,7 @@ public async Task JwtDecoderEncoder_Generate_And_Decode_Complex_PS_Token_With_Si ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -357,7 +357,7 @@ public async Task JwtDecoderEncoder_Generate_And_Decode_Basic_ES_Token_Without_S }; var jwtDecoder = new JwtDecoder(); - result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -414,7 +414,7 @@ public async Task JwtDecoderEncoder_Generate_And_Decode_Complex_ES_Token_With_Si ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); diff --git a/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderTests.cs b/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderTests.cs index 6a07378ccd..cfcb4828e2 100644 --- a/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderTests.cs +++ b/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderTests.cs 
@@ -33,7 +33,7 @@ public void TestInitialize() public void JwtDecoder_DecodeToken_With_Null_DecoderParameters_Should_Throw_ArgumentNullException() { var jwtDecoder = new JwtDecoder(); - jwtDecoder.DecodeToken(null, null, DecodingErrorCallBack); + jwtDecoder.DecodeToken(null, null, DecodingErrorCallBack, out _); } [TestMethod] @@ -41,7 +41,7 @@ public void JwtDecoder_DecodeToken_With_Null_DecoderParameters_Should_Throw_Argu public void JwtDecoder_DecodeToken_With_Null_TokenParameters_Should_Throw_ArgumentNullException() { var jwtDecoder = new JwtDecoder(); - jwtDecoder.DecodeToken(new DecoderParameters(), null, DecodingErrorCallBack); + jwtDecoder.DecodeToken(new DecoderParameters(), null, DecodingErrorCallBack, out _); } [TestMethod] @@ -49,7 +49,7 @@ public void JwtDecoder_DecodeToken_With_Null_TokenParameters_Should_Throw_Argume public void JwtDecoder_DecodeToken_With_Null_TokenResultErrorEventArgs_Should_Throw_ArgumentNullException() { var jwtDecoder = new JwtDecoder(); - jwtDecoder.DecodeToken(new DecoderParameters(), new TokenParameters(), null); + jwtDecoder.DecodeToken(new DecoderParameters(), new TokenParameters(), null, out _); } [TestMethod] @@ -64,7 +64,7 @@ public void JwtDecoder_DecodeToken_With_Null_Token_Should_Throw_ArgumentNullExce var jwtDecoder = new JwtDecoder(); - jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); } [TestMethod] @@ -78,7 +78,7 @@ public void JwtDecoder_DecodeToken_With_Invalid_Token_Should_Fail_With_Error() var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNull(result); Assert.IsNotNull(_validationResult); 
@@ -104,7 +104,7 @@ public async Task JwtDecoder_DecodeToken_Valid_Token_With_Signature_Validation_A }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNull(result); Assert.IsNotNull(_validationResult); @@ -131,7 +131,7 @@ public async Task JwtDecoder_DecodeToken_Valid_Token_With_Signature_And_Invalid_ }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNull(result); Assert.IsNotNull(_validationResult); @@ -158,7 +158,7 @@ public async Task JwtDecoder_DecodeToken_Valid_Token_With_Signature_And_Invalid_ }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNull(result); Assert.IsNotNull(_validationResult); @@ -189,7 +189,7 @@ public async Task JwtDecoder_DecodeToken_Valid_Token_With_Signature_And_Invalid_ ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNull(result); Assert.IsNotNull(_validationResult); 
@@ -219,7 +219,7 @@ public async Task JwtDecoder_DecodeToken_Valid_Token_With_Signature_And_Invalid_ ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNull(result); Assert.IsNotNull(_validationResult); @@ -241,7 +241,7 @@ public async Task JwtDecoder_Decode_Basic_HS_Token_Without_Signature_Validation( var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -266,7 +266,7 @@ public async Task JwtDecoder_Decode_Basic_HS_Token_With_Signature_Validation() Signature = signature }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -288,7 +288,7 @@ public async Task JwtDecoder_Decode_Complex_HS_Token_Without_Signature_Validatio var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); 
@@ -318,7 +318,7 @@ public async Task JwtDecoder_Decode_Complex_HS_Token_With_Signature_Validation() ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -345,7 +345,7 @@ public async Task JwtDecoder_Decode_Basic_RS_Token_Without_Signature_Validation( var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -370,7 +370,7 @@ public async Task JwtDecoder_Decode_Basic_RS_Token_With_Signature_Validation() PublicKey = publicKey, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -391,7 +391,7 @@ public async Task JwtDecoder_Decode_Complex_RS_Token_Without_Signature_Validatio var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); 
@@ -421,7 +421,7 @@ public async Task JwtDecoder_Decode_Complex_RS_Token_With_Signature_Validation() ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -448,7 +448,7 @@ public async Task JwtDecoder_Decode_Basic_PS_Token_Without_Signature_Validation( var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -473,7 +473,7 @@ public async Task JwtDecoder_Decode_Basic_PS_Token_With_Signature_Validation() PublicKey = publicKey, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -494,7 +494,7 @@ public async Task JwtDecoder_Decode_Complex_PS_Token_Without_Signature_Validatio var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); 
@@ -524,7 +524,7 @@ public async Task JwtDecoder_Decode_Complex_PS_Token_With_Signature_Validation() ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -551,7 +551,7 @@ public async Task JwtDecoder_Decode_Basic_ES_Token_Without_Signature_Validation( var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -576,7 +576,7 @@ public async Task JwtDecoder_Decode_Basic_ES_Token_With_Signature_Validation() PublicKey = publicKey, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); @@ -597,7 +597,7 @@ public async Task JwtDecoder_Decode_Complex_ES_Token_Without_Signature_Validatio var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); 
@@ -627,7 +627,7 @@ public async Task JwtDecoder_Decode_Complex_ES_Token_With_Signature_Validation() ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); Assert.IsNotNull(result); Assert.IsNull(_validationResult); From 6d8dfd0c3a7a2068bbe1f0d1e2ced62dee02c7fc Mon Sep 17 00:00:00 2001 From: Micah Morrison Date: Mon, 12 Jun 2023 00:09:21 -0400 Subject: [PATCH 2/3] Reformat parameters for DecodeToken --- .../Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoder.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoder.cs b/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoder.cs index 969b05a105..77e605dbeb 100644 --- a/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoder.cs +++ b/src/dev/impl/DevToys/ViewModels/Tools/EncodersDecoders/JwtDecoderEncoder/JwtDecoder.cs @@ -33,7 +33,8 @@ public class JwtDecoder public TokenResult? DecodeToken( DecoderParameters decodeParameters, TokenParameters tokenParameters, - Action decodingErrorCallBack, out JwtAlgorithm? jwtAlgorithm) + Action decodingErrorCallBack, + out JwtAlgorithm? jwtAlgorithm) { Arguments.NotNull(decodeParameters, nameof(decodeParameters)); Arguments.NotNull(tokenParameters, nameof(tokenParameters)); From 029433303d304d6ff738988b32e561816c90460e Mon Sep 17 00:00:00 2001 From: Micah Morrison Date: Mon, 12 Jun 2023 00:28:57 -0400 Subject: [PATCH 3/3] Assert algorithm set correctly --- .../Providers/Tools/JwtDecoderTests.cs | 61 +++++++++---------- 1 file changed, 30 insertions(+), 31 deletions(-) 
diff --git a/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderTests.cs b/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderTests.cs index cfcb4828e2..72f5d56aa7 100644 --- a/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderTests.cs +++ b/src/tests/DevToys.Tests/Providers/Tools/JwtDecoderTests.cs @@ -212,7 +212,6 @@ public async Task JwtDecoder_DecodeToken_Valid_Token_With_Signature_And_Invalid_ }; var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.RS512, Token = await TestDataProvider.GetFileContent("Jwt.RS.BasicToken.txt"), PublicKey = publicKey, ValidIssuers = new HashSet { "devtoys" }, @@ -235,18 +234,18 @@ public async Task JwtDecoder_Decode_Basic_HS_Token_Without_Signature_Validation( var decodeParameters = new DecoderParameters(); var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.HS256, Token = await TestDataProvider.GetFileContent("Jwt.HS.BasicToken.txt") }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Header, header); Assert.AreEqual(result.Payload, payload); + Assert.AreEqual(algorithm, JwtAlgorithm.HS256); } [TestMethod] 
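Review bot: These hunks, and the matching ones through the end of the patch, drop every `TokenAlgorithm = ...` initializer, including the cases where the caller's value differed from the token header (for example `RS384` against an RS256 token). The suite therefore no longer exercises a disagreement between caller and header. There is also no test for a header `alg` that fails `Enum.TryParse`, so the fallback branch added in `DecodeToken` is uncovered. I would add one test per case, asserting both the returned algorithm and whether `_validationResult` is set when signature validation is on. As a smaller point, MSTest's `Assert.AreEqual` takes the expected value first, so the new assertions read better as `Assert.AreEqual(JwtAlgorithm.HS256, algorithm);`, although the existing assertions in this file use the same reversed order.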
@@ -261,17 +260,17 @@ public async Task JwtDecoder_Decode_Basic_HS_Token_With_Signature_Validation() }; var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.HS256, Token = await TestDataProvider.GetFileContent("Jwt.HS.BasicToken.txt"), Signature = signature }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? jwtAlgorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Payload, payload); Assert.AreEqual(result.Signature, signature); + Assert.AreEqual(jwtAlgorithm, JwtAlgorithm.HS256); } [TestMethod] @@ -282,18 +281,18 @@ public async Task JwtDecoder_Decode_Complex_HS_Token_Without_Signature_Validatio var decodeParameters = new DecoderParameters(); var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.HS512, Token = await TestDataProvider.GetFileContent("Jwt.HS.ComplexToken.txt") }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Header, header); Assert.AreEqual(result.Payload, payload); + Assert.AreEqual(algorithm, JwtAlgorithm.HS256); } [TestMethod] 
@@ -339,18 +338,18 @@ public async Task JwtDecoder_Decode_Basic_RS_Token_Without_Signature_Validation( var decodeParameters = new DecoderParameters(); var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.RS256, Token = await TestDataProvider.GetFileContent("Jwt.RS.BasicToken.txt") }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Header, header); Assert.AreEqual(result.Payload, payload); + Assert.AreEqual(algorithm, JwtAlgorithm.RS256); } [TestMethod] @@ -365,17 +364,17 @@ public async Task JwtDecoder_Decode_Basic_RS_Token_With_Signature_Validation() }; var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.RS384, Token = await TestDataProvider.GetFileContent("Jwt.RS.BasicToken.txt"), PublicKey = publicKey, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Payload, payload); Assert.AreEqual(result.PublicKey, publicKey); + Assert.AreEqual(algorithm, JwtAlgorithm.RS256); } [TestMethod] 
@@ -385,17 +384,17 @@ public async Task JwtDecoder_Decode_Complex_RS_Token_Without_Signature_Validatio var decodeParameters = new DecoderParameters(); var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.RS512, Token = await TestDataProvider.GetFileContent("Jwt.RS.ComplexToken.txt") }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Payload, payload); + Assert.AreEqual(algorithm, JwtAlgorithm.RS256); } [TestMethod] @@ -414,20 +413,20 @@ public async Task JwtDecoder_Decode_Complex_RS_Token_With_Signature_Validation() }; var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.RS384, Token = await TestDataProvider.GetFileContent("Jwt.RS.ComplexToken.txt"), PublicKey = publicKey, ValidIssuers = new HashSet { "devtoys" }, ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Header, header); Assert.AreEqual(result.Payload, payload); Assert.AreEqual(result.PublicKey, publicKey); + Assert.AreEqual(algorithm, JwtAlgorithm.RS256); } #endregion 
@@ -442,18 +441,18 @@ public async Task JwtDecoder_Decode_Basic_PS_Token_Without_Signature_Validation( var decodeParameters = new DecoderParameters(); var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.PS256, Token = await TestDataProvider.GetFileContent("Jwt.PS.BasicToken.txt") }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Header, header); Assert.AreEqual(result.Payload, payload); + Assert.AreEqual(algorithm, JwtAlgorithm.PS256); } [TestMethod] @@ -468,17 +467,17 @@ public async Task JwtDecoder_Decode_Basic_PS_Token_With_Signature_Validation() }; var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.PS384, Token = await TestDataProvider.GetFileContent("Jwt.PS.BasicToken.txt"), PublicKey = publicKey, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Payload, payload); Assert.AreEqual(result.PublicKey, publicKey); + Assert.AreEqual(algorithm, JwtAlgorithm.PS256); } [TestMethod] 
@@ -488,17 +487,17 @@ public async Task JwtDecoder_Decode_Complex_PS_Token_Without_Signature_Validatio var decodeParameters = new DecoderParameters(); var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.PS512, Token = await TestDataProvider.GetFileContent("Jwt.PS.ComplexToken.txt") }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Payload, payload); + Assert.AreEqual(algorithm, JwtAlgorithm.PS256); } [TestMethod] @@ -517,20 +516,20 @@ public async Task JwtDecoder_Decode_Complex_PS_Token_With_Signature_Validation() }; var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.PS384, Token = await TestDataProvider.GetFileContent("Jwt.PS.ComplexToken.txt"), PublicKey = publicKey, ValidIssuers = new HashSet { "devtoys" }, ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Header, header); Assert.AreEqual(result.Payload, payload); Assert.AreEqual(result.PublicKey, publicKey); + Assert.AreEqual(algorithm, JwtAlgorithm.PS256); } #endregion 
@@ -545,18 +544,18 @@ public async Task JwtDecoder_Decode_Basic_ES_Token_Without_Signature_Validation( var decodeParameters = new DecoderParameters(); var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.ES256, Token = await TestDataProvider.GetFileContent("Jwt.ES.BasicToken.txt") }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Header, header); Assert.AreEqual(result.Payload, payload); + Assert.AreEqual(algorithm, JwtAlgorithm.ES256); } [TestMethod] @@ -571,17 +570,17 @@ public async Task JwtDecoder_Decode_Basic_ES_Token_With_Signature_Validation() }; var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.ES256, Token = await TestDataProvider.GetFileContent("Jwt.ES.BasicToken.txt"), PublicKey = publicKey, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Payload, payload); Assert.AreEqual(result.PublicKey, publicKey); + Assert.AreEqual(algorithm, JwtAlgorithm.ES256); } [TestMethod] 
@@ -591,17 +590,17 @@ public async Task JwtDecoder_Decode_Complex_ES_Token_Without_Signature_Validatio var decodeParameters = new DecoderParameters(); var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.ES512, Token = await TestDataProvider.GetFileContent("Jwt.ES.ComplexToken.txt") }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Payload, payload); + Assert.AreEqual(algorithm, JwtAlgorithm.ES256); } [TestMethod] @@ -620,20 +619,20 @@ public async Task JwtDecoder_Decode_Complex_ES_Token_With_Signature_Validation() }; var tokenParameters = new TokenParameters() { - TokenAlgorithm = JwtAlgorithm.ES384, Token = await TestDataProvider.GetFileContent("Jwt.ES.ComplexToken.txt"), PublicKey = publicKey, ValidIssuers = new HashSet { "devtoys" }, ValidAudiences = new HashSet { "devtoys" }, }; var jwtDecoder = new JwtDecoder(); - TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out _); + TokenResult result = jwtDecoder.DecodeToken(decodeParameters, tokenParameters, DecodingErrorCallBack, out JwtAlgorithm? algorithm); Assert.IsNotNull(result); Assert.IsNull(_validationResult); Assert.AreEqual(result.Header, header); Assert.AreEqual(result.Payload, payload); Assert.AreEqual(result.PublicKey, publicKey); + Assert.AreEqual(algorithm, JwtAlgorithm.ES256); } #endregion