Authentication failure! Signature verification failed: JWT::VerificationError, Signature verification failed

Hello. Recently I updated couple of gem versions on my Ruby on Rails application, including omniauth, omniauth-auth0 and jwt gems to latest versions. There is a weird behavior. Now, when I click the login button on my web application, it makes a POST request to “/auth/auth0” and then makes couple of other requests and the Auth0 login page comes. I enter my credentials and then it makes a request to my “callback” url without doing anything there it response with “/auth/failure” and a message of “Signature verification failed”. Until here I may say okay, there is maybe something I am missing or doing wrong, but then if I click the login button of my web application one more time, right after I get failure response without doing anything else, then the Auth0 login page is not show up and I am logged in to my application. How this happens? I am attaching 3 files to display what kind of requests done. Number-1 is first time when I make the post request to ‘/auth/auth0’. Number-2 when I get ‘’/auth/failure" and Number-3 is when second time I make a post request to “/auth/auth0” and this time no Auth0 login form appears, I directly login to my application. The main question is what’s with the “Signature verification failed”?


Hey there!

The most effective way here to handle that would be to talk directly with maintainers of this part of the stack. Can I ask you to raise a GitHub issue here:

and then share a link to it here so I can ping them. Thank you!

1 Like