Auth0 Home Blog Docs

How to verify signature in the debugger for RS256?

jwt-debugger
jwtio

#1

Does verify signature in the jwt debugger work with RSA256? I’ve tried tons of different encodings and nothing I can do gets it to show signature verified. But I know it’s good as I’m verifying it with the client-side jsrassign library. Here is my public key:

{
  alg: "RS256",
  e: "AQAB",
  kid: "FDYc3/dIQSHEhRDIj00TvDwc3XPadxsAGGCTdskt0mY=",
  kty: "RSA",
  n: "jN7TL705q33CeJHgIzQVfg5YFFfl3ta4nnBIi1DccxOUE1AH8lyRP7CguAfdVVkggf3w8OlBb_FOTlFishAkukUvnhPGIklxVkBZK8fj7q09BB8A2GGXRUX0xUUsREmGR487IxUw0DzPVfdpMmcZKt4jYK64HilfP-Nbfnq1BSqBBuuOsSjWa1myc9KgAGOMSXSmabTQM91yY3imuP5ldORsl009qEJBmh9f9HRnp9UhuwOixuwM54kVkgEUS065q4vpczvgiDm9dejkijtfa3Zi1Eh1dAeXHSF9cbhMT3j2V1k1Uj3b5VwrV95llNiUDlrbOmtWgOY3Vljeh6-Aow",
  use: "sig"
}

I can see the client-side libary is converting the modulus to BigInteger. Do I need to do that, and if so how would I do that in the jwt.io debugger?

Thanks a lot.

  • Matt

#2

Hi Matt. You need to paste the public key certificate in PEM format, like this:

-----BEGIN CERTIFICATE-----
MIIC8jCCAdqgAwIBAgIJObB6jmhG0[......]3MMYmc=
-----END CERTIFICATE-----

Line breaks won’t affect the results.
You can get your tenant’s public key certificate from https://{yourauth0domain}/pem.