Unable to verify signature
emt2dev opened this issue · 2 comments
Describe the bug
I've tried to create and parse a jwt using spring boot api and jwt.io
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhdHRkc2FkYWRzZHRAdXNlci5jb20ifQ.GEiJSiu6EdSHKexspsHFOjmo9dwH_lV94KWrZLiZOQs
shows as invalid signature on jwt.io
To Reproduce
I've kept it very simple:
SecretKey key = Jwts.SIG.HS256.key().build();
return Jwts.builder().subject(userDetails.getUsername()).signWith(key).compact();
Expected behavior
I'd like to have a valid jwt.
You need to let jwt.io know the key in order for it to verify the signature.
Just paste the base64 encoded key into the text box on the bottom right saying "your-256-bit-secret".
java.util.Base64.getEncoder().encodeToString(key.getEncoded());
This is not a bug, and jwt.io
is not part of the JJWT project. Moving this to discussions per https://github.com/jwtk/jjwt#help-questions