I have a Node.js system that uses JWT to authenticate users and services. This system runs in MS Azure in Docker containers in Kubernetes pods. There is also a small, local client that is used to communicate with a local TCP server for sending and receiving data. This local client runs as a Windows service.
For years this system has run with no problems. The local client receives POST messages from the local web-ui with data that needs to be sent to the TCP server. The local web-ui app authenticates to the client (and to the cloud services) with JWT. The token is generated by a service in the Azure cloud running as a Docker container in a Kube pod. The algorithm used is RS256. Everything has been working just fine.
The system is running in a number of separate Azure spaces; one for Dev and QA, one for Staging and Demo, and one for production and commercial. They all run exactly the same code (with some version variation) and all have the exact same private and public keys.
Now the issue. When the local client receives a JWT from the web-ui, it verifies it and then forwards it to the cloud server in a POST using the received token to authenticate to the cloud service. This works well and I have had no issues with it for many months during development and QA. But, when the system is deployed to the Staging Azure environment, the tokens now throw an invalid signature error. I flip from one Azure environment to the other (same local client), and in one it works and in the other, invalid signature. The web-ui and cloud services seem to have no problem with the token.
My question is what environmental factor could affect the way the tokens are generated? The code is exactly the same. The public and private keys are exactly the same. Everything is exactly the same except for the fact that it is a different Azure stack. It must be something in the way that the Azure environment was set up. Could it be a certificate issue?
I’m stumped. Any help or suggestion on where to start looking would be much appreciated.
Thanks in advance.
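
One way to test the assumption that every environment signs with the same key pair, as an added example that is not part of the original post: fingerprint the key on each side and verify an RS256 token against the public key the local client holds. The function names, payload and generated keys are constructed for illustration; only Node.js built-in `crypto` is used.

```javascript
// Added example: constructed keys and tokens, Node.js built-in crypto only.
const crypto = require('crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');

// Hypothetical stand-in for the cloud token service: sign a JWT with RS256.
function signRs256(payload, privateKeyPem) {
  const input = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) + '.' +
                b64url(JSON.stringify(payload));
  return input + '.' + b64url(crypto.sign('RSA-SHA256', Buffer.from(input), privateKeyPem));
}

// SHA-256 over the DER (SPKI) public key. Accepts a public or private PEM, so the
// signer's and the verifier's keys can be compared without sharing the private key.
function keyFingerprint(pem) {
  const der = crypto.createPublicKey(pem).export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Check structure, algorithm and signature separately so the failure is attributable.
function diagnoseToken(token, publicKeyPem) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header;
  try { header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8')); }
  catch { return { ok: false, reason: 'malformed' }; }
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const ok = crypto.verify('RSA-SHA256', Buffer.from(h + '.' + p), publicKeyPem,
                           Buffer.from(s, 'base64url'));
  return { ok, reason: ok ? 'valid' : 'invalid signature' };
}

// Constructed scenario: two environments meant to share one key pair, but do not.
function demo() {
  const gen = () => crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const envA = gen(), envB = gen();
  const clientKey = envA.publicKey; // the public key the local client holds
  return {
    a: diagnoseToken(signRs256({ sub: 'user1' }, envA.privateKey), clientKey),
    b: diagnoseToken(signRs256({ sub: 'user1' }, envB.privateKey), clientKey),
    sameKeyA: keyFingerprint(envA.privateKey) === keyFingerprint(clientKey),
    sameKeyB: keyFingerprint(envB.privateKey) === keyFingerprint(clientKey),
  };
}
console.log(demo());
```

Running `keyFingerprint` on the key material actually loaded in each environment and on the client's public key gives hex strings that can be compared directly, regardless of how the PEM files are formatted.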