Invalid signature when adding "crit" to header

Hello,

I am using https://jwt.io/ to test JWT/JWS creation. However, adding a “crit” section to my header and populating the string array seems to make the signature invalid.

This is a valid header:
{
“alg”: “PS256”,
“exp”: 1598075289,
“asdf”: [“test”]
}

This header makes the signature appear as invalid:
{
“alg”: “PS256”,
“exp”: 1598075289,
“crit”: [“exp”],
“asdf”: [“test”]
}

Why is this the case?

Thanks,
Jay

Hey there,

We talked with the tool maintainers and here’s what they shared:

1 Like

Aha, so it is a problem with jwt.io. I thought I was going crazy!

Good to know. Thanks!

Yes that is correct.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.