Test vectors for proposed Branca attack

test/ScottBrady.IdentityModel.Tests/Tokens/Branca/BrancaTestVectors.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Security.Cryptography;
 using FluentAssertions;
 using Microsoft.IdentityModel.Tokens;
 using ScottBrady.IdentityModel.Tokens;
@@ -95,5 +96,17 @@ public void ValidateToken_TestTokenWithWrongVersion()
 
             exception.Message.Should().Be("Unsupported Branca version");
         }
+
+        [Fact]
+        public void ValidateToken_CiphertextModification_ExpectSecurityTokenException()
+        {
+            var handler = new BrancaTokenHandler();
+
+            var token = handler.CreateToken("test", key);
+            var decoded = Base62.Decode(token);
+            decoded[decoded.Length - 17] ^= 1; // Last byte before the Poly1305 tag
+
+            Assert.Throws<CryptographicException>(() => handler.DecryptToken(Base62.Encode(decoded), key));
+        }
     }
 }