How to verify signature in the debugger for RS256?

uclaeagit · October 15, 2018, 7:01pm

Does verify signature in the jwt debugger work with RSA256? I’ve tried tons of different encodings and nothing I can do gets it to show signature verified. But I know it’s good as I’m verifying it with the client-side jsrassign library. Here is my public key:

{
  alg: "RS256",
  e: "AQAB",
  kid: "FDYc3/dIQSHEhRDIj00TvDwc3XPadxsAGGCTdskt0mY=",
  kty: "RSA",
  n: "jN7TL705q33CeJHgIzQVfg5YFFfl3ta4nnBIi1DccxOUE1AH8lyRP7CguAfdVVkggf3w8OlBb_FOTlFishAkukUvnhPGIklxVkBZK8fj7q09BB8A2GGXRUX0xUUsREmGR487IxUw0DzPVfdpMmcZKt4jYK64HilfP-Nbfnq1BSqBBuuOsSjWa1myc9KgAGOMSXSmabTQM91yY3imuP5ldORsl009qEJBmh9f9HRnp9UhuwOixuwM54kVkgEUS065q4vpczvgiDm9dejkijtfa3Zi1Eh1dAeXHSF9cbhMT3j2V1k1Uj3b5VwrV95llNiUDlrbOmtWgOY3Vljeh6-Aow",
  use: "sig"
}

I can see the client-side libary is converting the modulus to BigInteger. Do I need to do that, and if so how would I do that in the jwt.io debugger?

Thanks a lot.

Matt

nicolas_sabena · October 24, 2018, 1:06am

Hi Matt. You need to paste the public key certificate in PEM format, like this:

-----BEGIN CERTIFICATE-----
MIIC8jCCAdqgAwIBAgIJObB6jmhG0[......]3MMYmc=
-----END CERTIFICATE-----

Line breaks won’t affect the results.
You can get your tenant’s public key certificate from https://{yourauth0domain}/pem.

system · August 27, 2019, 1:41pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JWT.io Debugger does validate at all. Considers ANY secret as valid. How is this possible? JWT.io jwt-debugger	3	1729	September 25, 2023
JWK is not verified in debugger Help jwks , x509 , pem	10	2130	November 16, 2022
Why does jwt.verify() give "invalid signature"? JWT.io	13	92722	January 22, 2019
Signature verification for Elliptic Curve JWT.io	1	3855	April 24, 2020
Why JWT verify tampered tokens? JWT.io	4	4344	December 5, 2018

How to verify signature in the debugger for RS256?

Related Topics