Hi we are trying to generate JWT/JWS token from jsrsasign.js library using HS256 algorithm.
And we successfully generated the token at front end and able to validate at front end.
But when we pass the same token to server side which is using io.jsonwebtoken we are getting exception saying that signature is invalid.Below is the java code that we are using to validate the token.
Jwts.parser().setSigningKey(secretKey).parseClaimsJws(incomming token);
And the client side script for generating the token is same as provide in web site
// Header
var oHeader = {alg: 'HS256'};
// Payload
var oPayload = {};
var tNow = KJUR.jws.IntDate.get('now');
var tEnd = KJUR.jws.IntDate.get('now + 1day');
oPayload.iss = "http://foo.com";
oPayload.sub = "mailto:mike@foo.com";
oPayload.nbf = tNow;
oPayload.iat = tNow;
oPayload.exp = tEnd;
oPayload.jti = "id123456";
oPayload.aud = "http://foo.com/employee";
// Sign JWT, password=616161
var sHeader = JSON.stringify(oHeader);
var sPayload = JSON.stringify(oPayload);
var sJWT = KJUR.jws.JWS.sign("HS256", sHeader, sPayload, "616161");
The secrete key is same at both locations.
Please provide code to verify the token at server side using java