Authentication failure! Signature verification failed: JWT::VerificationError, Signature verification failed

Hello. Recently I updated a couple of gem versions in my Ruby on Rails application, including the omniauth, omniauth-auth0 and jwt gems, to the latest versions. There is a weird behavior. Now, when I click the login button in my web application, it makes a POST request to “/auth/auth0”, then makes a couple of other requests, and the Auth0 login page comes up. I enter my credentials and then it makes a request to my “callback” URL; without doing anything there, it responds with “/auth/failure” and a message of “Signature verification failed”. Up to here I might say okay, maybe there is something I am missing or doing wrong, but then if I click the login button of my web application one more time, right after I get the failure response and without doing anything else, the Auth0 login page does not show up and I am logged in to my application. How does this happen? I am attaching 3 files to show what kind of requests are made. Number-1 is the first time I make the POST request to “/auth/auth0”, Number-2 is when I get “/auth/failure”, and Number-3 is the second time I make a POST request to “/auth/auth0”; this time no Auth0 login form appears and I am logged in to my application directly. The main question is: what’s with the “Signature verification failed”?




Hey there!

The most effective way here to handle that would be to talk directly with maintainers of this part of the stack. Can I ask you to raise a GitHub issue here:

and then share a link to it here so I can ping them. Thank you!
