Removes the expected signature from the SignatureVerificationExceptio…

…n for security reasons
rpetz · Nov 29, 2016 · f6ac211 · f6ac211
1 parent fb517dc
commit f6ac211
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/JWT/JWT.cs b/src/JWT/JWT.cs
@@ -239,7 +239,7 @@ public static void Verify(string payloadJson, string decodedCrypto, string decod
         {
             if (decodedCrypto != decodedSignature)
             {
-                throw new SignatureVerificationException(string.Format("Invalid signature. Expected {0} got {1}", decodedCrypto, decodedSignature));
+	            throw new SignatureVerificationException("Invalid signature");
             }
 
             // verify exp claim https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.4