io.jsonwebtoken.security.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
KhanamDEV opened this issue · 1 comments
KhanamDEV commented
Hello friends,
I hope you can help me
This is my code:
package com.tkg.MasterSystem.services.impl;
import com.tkg.MasterSystem.payload.requests.authentication.SendSignInCodeRequest;
import com.tkg.MasterSystem.repositories.UserRepositoryInterface;
import com.tkg.MasterSystem.services.AuthenticationServiceInterface;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import javax.crypto.SecretKey;
import java.security.Key;
import java.util.Date;
import java.util.Objects;
@Service
public class AuthenticationService implements AuthenticationServiceInterface {
@Autowired
Environment environment;
private final UserRepositoryInterface userRepository;
public Key getSecretKey(){
byte[] keyBytes = Decoders.BASE64.decode(environment.getProperty("JWT_SECRET_KET"));
return Keys.hmacShaKeyFor(keyBytes);
}
@Autowired
public AuthenticationService(UserRepositoryInterface userRepositoryInterface) {
this.userRepository = userRepositoryInterface;
}
@Override
public boolean sendSignUpCode(SendSignInCodeRequest sendSignInCodeRequest) {
return userRepository.existsByEmail(sendSignInCodeRequest.getEmail());
}
@Override
public Claims extractAllClaims(String token) {
return Jwts
.parserBuilder()
.setSigningKey(getSecretKey())
.build()
.parseClaimsJws(token)
.getBody();
}
@Override
public String generateToken( UserDetails userDetails) {
return Jwts
.builder()
.setSubject(userDetails.getUsername())
.setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 24 * 90))
.signWith(getSecretKey(),SignatureAlgorithm.HS256)
.compact();
}
@Override
public boolean isTokenValid(String token, UserDetails userDetails) {
Claims claims = extractAllClaims(token);
final String username = claims.getSubject();
Date tokenExpiration = claims.getExpiration();
return username.equals(userDetails.getUsername()) && tokenExpiration.before(new Date());
}
}
When I running my application and send any request, i get an error io.jsonwebtoken.security.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
with detail error in function extractAllClaims
when i parseClaimsJws
.
I'm not sure where I went wrong, can someone explain it to me, thanks
lhazlewood commented
Are you using the latest stable release using 0.11.5
?