Hello, I am using https://jwt.io/ to test JWT/JWS creation. However, adding a “crit” section to my header and populating the string array seems to make the signature invalid. This is a valid header: { “alg”: “PS256”, “exp”: 1598075289, “asdf”: [“test”] } This header makes the signature appea…

Hey there, We talked with the tool maintainers and here’s what they shared: [image] Jwt.io debuger debugger error when "crit"field is added in header Help Hello any update on this?

Invalid signature when adding "crit" to header

JWT.io

konrad.sopala August 11, 2020, 2:48pm 2

Hey there,

We talked with the tool maintainers and here’s what they shared:

1 Like

Topic		Replies	Views
Jwt.io debuger debugger error when "crit"field is added in header Get Help jwtio	4	4120	August 11, 2020
"alt": "none" validation bug on jwt.io Get Help vulnerability	2	4032	March 2, 2018
Deep link JWT.IO "Invalid Signature" Get Help jwtio	5	4191	August 27, 2019
New jwt.io fails to verify signature for HS512 JWT.io invalid-signature , jwt-validation	2	99	July 31, 2025
JWT.io Debugger does validate at all. Considers ANY secret as valid. How is this possible? JWT.io jwt-debugger	3	1824	September 25, 2023

Invalid signature when adding "crit" to header

Related topics