How to verify signature in the debugger for RS256?

uclaeagit · October 15, 2018, 7:01pm

Does verify signature in the jwt debugger work with RSA256? I’ve tried tons of different encodings and nothing I can do gets it to show signature verified. But I know it’s good as I’m verifying it with the client-side jsrassign library. Here is my public key:

{
  alg: "RS256",
  e: "AQAB",
  kid: "FDYc3/dIQSHEhRDIj00TvDwc3XPadxsAGGCTdskt0mY=",
  kty: "RSA",
  n: "jN7TL705q33CeJHgIzQVfg5YFFfl3ta4nnBIi1DccxOUE1AH8lyRP7CguAfdVVkggf3w8OlBb_FOTlFishAkukUvnhPGIklxVkBZK8fj7q09BB8A2GGXRUX0xUUsREmGR487IxUw0DzPVfdpMmcZKt4jYK64HilfP-Nbfnq1BSqBBuuOsSjWa1myc9KgAGOMSXSmabTQM91yY3imuP5ldORsl009qEJBmh9f9HRnp9UhuwOixuwM54kVkgEUS065q4vpczvgiDm9dejkijtfa3Zi1Eh1dAeXHSF9cbhMT3j2V1k1Uj3b5VwrV95llNiUDlrbOmtWgOY3Vljeh6-Aow",
  use: "sig"
}

I can see the client-side libary is converting the modulus to BigInteger. Do I need to do that, and if so how would I do that in the jwt.io debugger?

Thanks a lot.

Matt

nicolas_sabena · October 24, 2018, 1:06am

Hi Matt. You need to paste the public key certificate in PEM format, like this:

-----BEGIN CERTIFICATE-----
MIIC8jCCAdqgAwIBAgIJObB6jmhG0[......]3MMYmc=
-----END CERTIFICATE-----

Line breaks won’t affect the results.
You can get your tenant’s public key certificate from https://{yourauth0domain}/pem.

system · August 27, 2019, 1:41pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Why does jwt.verify() give "invalid signature"? JWT.io	13	92475	January 22, 2019
Jwt.io debug tool problem report JWT.io	1	871	December 10, 2023
Why does the token change when private key is entered in verify signature? JWT.io jwt , api	5	109	August 6, 2024
Add ES256K support to the jwt.io debugger JWT.io feature-request , jwtio	2	4154	April 9, 2020
Token verification Failed - invalid signature Help invalid-signature , tier1 , verification	3	9686	March 2, 2018

How to verify signature in the debugger for RS256?

Related Topics