access_token invalid signature on jwt.io but not on the React.js tutorial

Hi,
Part 3 of the React.js quick start tutorial sets you up with a server listening on :3001 and provides you with the React app code as well. It’s pretty much filled out and all I had to do was set the .env variables and a few others to get the /private endpoint to work. However, the same access_token that’s provided to the client also gets an invalid signature on the jwt.io debugger. Why?