# FastAPI JWT Security Issues

- ID: fastapi-jwt-security
- Severity: HIGH
- CWE: Improper Signature Verification (CWE-347)
- Languages: Python
- Frameworks: fastapi

## Description

Detects JWT security issues in FastAPI applications, including:

- Weak or hardcoded secrets
- Missing algorithm verification
- Insufficient token validation
- Insecure token storage patterns

## Detection Message

JWT implementation has security vulnerabilities

## Remediation

Load the JWT secret from the environment and explicitly specify the algorithm the verifier accepts.

```python
from pydantic_settings import BaseSettings
from jose import jwt


class Settings(BaseSettings):
    # Read from the environment (or a .env file); never hardcode the secret in source.
    SECRET_KEY: str
    ALGORITHM: str = "HS256"


settings = Settings()


def decode_token(token: str):
    # Passing an explicit algorithm list means the token header cannot choose the algorithm.
    return jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
```

Learn more: https://shoulder.dev/learn/python/cwe-347/jwt-security

## Related Rules

- **JWT Security Vulnerabilities** [HIGH]:
- **JWT Decode Without Verification** [HIGH]:
- **JWT Algorithm Confusion Attack** [CRITICAL]:
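The following added example (not the rule's or the jose library's own code) shows what the remediation's `algorithms=[...]` argument enforces, using only the standard library so it runs without a JWT package: the `alg` value in the incoming header is checked against the server's fixed allow-list before any signature or claim logic runs, the HMAC is compared in constant time, and `exp` is validated. The `SECRET_KEY` environment variable name and the 32-byte minimum are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json
import os
import time


def load_secret(env_var: str = "SECRET_KEY") -> str:
    """Assumed env var name; refuse to start with a missing or short secret."""
    secret = os.environ.get(env_var)
    if not secret or len(secret) < 32:
        raise RuntimeError(f"{env_var} must be set to a random value of at least 32 bytes")
    return secret


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims: dict, secret: str) -> str:
    """Issue a token whose header names the single algorithm this service uses."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"


def decode_token(token: str, secret: str, algorithms=("HS256",), now=None) -> dict:
    """Verify as the remediation does: server-side algorithm list, signature, then exp."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig = parts
    header = json.loads(_b64url_decode(head))
    # The header is untrusted input: its alg must be one the server allows (only HS256
    # is implemented here), so "none" or a swapped algorithm is rejected up front.
    if header.get("alg") not in algorithms or header.get("alg") != "HS256":
        raise ValueError("algorithm not allowed")
    expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("invalid signature")
    claims = json.loads(_b64url_decode(body))
    if "exp" in claims and (time.time() if now is None else now) >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def verify_reason(token: str, secret: str, now=None) -> str:
    """Return 'ok' or the rejection reason, suitable for an auth-failure log line."""
    try:
        decode_token(token, secret, now=now)
        return "ok"
    except ValueError as exc:
        return str(exc)
```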