jwt.io debugger always returning signature verified with random using a random key.
I was thinking that it should only show the signature verified if I provide the right secret key.
If you change an HS256 key value on jwt.io the signature component is updated automatically so the signature would be verified as it was just updated.
If you want to check the signature of an existing token then first set the key value and only after paste the existing token.