How to validate the JWT on the server?

From the client, I sent an RS256 token to the server.

On the server, I am using jsonwebtoken to validate it.
However, it requires a secret key:

```javascript
io.use(function(socket, next){
  if (socket.handshake.query && socket.handshake.query.token){
    jwt.verify(socket.handshake.query.token, 'SECRET_KEY', function(err, decoded) {
      if (err) return next(new Error('Authentication error'));
      socket.decoded = decoded;
      next();
    });
  }
  else {
    next(new Error('Authentication error'));
  }
});
```

How to get the secret key?

Hi @ywj79310,

Welcome to the Auth0 Community!

For an RS256 signed token, you will need the token’s Public Key. You can manually add the key to that library, or fetch the JWKS programmatically. There are examples of both in the README for that library: GitHub - auth0/node-jsonwebtoken: JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html

If you are using Auth0, you can find the key following this resource:
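
Added example (not part of the original posts and not code from the jsonwebtoken project): a sketch of why an RS256 token is verified with the issuer's public key rather than a shared secret, using only Node's built-in crypto module. The key pair is generated locally as a stand-in for the issuer's keys, and `signRS256`, `verifyRS256` and `rejection` are hypothetical helper names.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed key pair standing in for the issuer; the server only needs publicKey.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Issuer side (hypothetical helper): sign "header.payload" with the RSA private key.
function signRS256(payload, key) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const input = `${header}.${b64url(JSON.stringify(payload))}`;
  // 'sha256' with an RSA key is RSASSA-PKCS1-v1_5 + SHA-256, i.e. RS256.
  return `${input}.${crypto.sign('sha256', Buffer.from(input), key).toString('base64url')}`;
}

// Server side (hypothetical helper): verify with the PUBLIC key and accept RS256 only.
function verifyRS256(token, pubKey) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm: the token's own header must not choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), pubKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  // Reject tokens whose exp claim (seconds since epoch) has passed.
  if (typeof claims.exp === 'number' && claims.exp <= Math.floor(Date.now() / 1000)) {
    throw new Error('token expired');
  }
  return claims;
}

// Returns the reason a token is rejected, or null when it is accepted.
function rejection(token, pubKey) {
  try { verifyRS256(token, pubKey); return null; } catch (e) { return e.message; }
}

// Constructed sample token, valid for five minutes.
const token = signRS256({ sub: 'user-1', exp: Math.floor(Date.now() / 1000) + 300 }, privateKey);
console.log(verifyRS256(token, publicKey));
```

With jsonwebtoken, the equivalent is to pass the public key PEM to `jwt.verify` in place of `'SECRET_KEY'` and restrict verification with the `algorithms: ['RS256']` option.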
