Invalid signature when adding "crit" to header

jayrlsw · August 10, 2020, 4:39pm

Hello,

I am using https://jwt.io/ to test JWT/JWS creation. However, adding a “crit” section to my header and populating the string array seems to make the signature invalid.

This is a valid header:
{
“alg”: “PS256”,
“exp”: 1598075289,
“asdf”: [“test”]
}

This header makes the signature appear as invalid:
{
“alg”: “PS256”,
“exp”: 1598075289,
“crit”: [“exp”],
“asdf”: [“test”]
}

Why is this the case?

Thanks,
Jay

konrad.sopala · August 11, 2020, 2:48pm

Hey there,

We talked with the tool maintainers and here’s what they shared:

jayrlsw · August 15, 2020, 12:07pm

Aha, so it is a problem with jwt.io. I thought I was going crazy!

Good to know. Thanks!

konrad.sopala · August 17, 2020, 8:00am

Yes that is correct.

system · September 1, 2020, 8:14am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Jwt.io debuger debugger error when "crit"field is added in header Help jwtio	4	4106	August 11, 2020
Invalid Signature JWT.io jwt , invalid-signature	10	2495	June 9, 2023
SIGNATURE Issue JWT.io jwt , api , php	1	409	May 3, 2024
Jwt.io JSON parse error? JWT.io	1	1434	June 5, 2024
"alt": "none" validation bug on jwt.io Help vulnerability	2	4024	March 2, 2018

Invalid signature when adding "crit" to header

Related Topics