- Go to JWT.io right now and under Verify Signature which contains “your-256-bit-secret” go ahead and type anything in. I mean ANYTHING. What do you see?
Signature Verified.
- Go to JWT.io again, then copy & paste your perfectly fine custom JWT in the Encoded Box. Now enter your custom Secret. What do you see?
Signature Verified.
- Now go ahead and modify your custom Secret under Verify Signature. Yep, go ahead and smash buttons on your keyboard. Type anything. Yes, really. What do you see?
Signature Verified.
How is this possible?
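
HS256 verification against a fixed token, as an added example that is not part of the original post: it contrasts checking an unchanged token under a different secret with re-signing the same header and payload under that secret. The claims, secrets and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as the JWS compact form requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Serialize header and payload, then append HMAC-SHA256 over 'header.payload'."""
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"


def verify_hs256(token: str, secret: bytes) -> bool:
    """Recompute the MAC over the received bytes; never re-sign, only compare."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        padded = header_b64 + "=" * (-len(header_b64) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # pin the algorithm instead of trusting the token
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(expected).encode(), sig_b64.encode())


# Constructed sample values, not taken from the post.
HEADER = {"alg": "HS256", "typ": "JWT"}
PAYLOAD = {"sub": "1234567890", "name": "Constructed User"}
ORIGINAL_SECRET = b"constructed-original-secret"
TYPED_SECRET = b"asdfjkl;qwerty"  # stands in for "smash buttons on your keyboard"


def compare_verify_and_resign() -> dict:
    token = sign_hs256(HEADER, PAYLOAD, ORIGINAL_SECRET)
    resigned = sign_hs256(HEADER, PAYLOAD, TYPED_SECRET)  # new signature, same claims
    return {
        "token_under_original_secret": verify_hs256(token, ORIGINAL_SECRET),
        "token_under_typed_secret": verify_hs256(token, TYPED_SECRET),
        "resigned_under_typed_secret": verify_hs256(resigned, TYPED_SECRET),
        "signature_segment_changed": token.split(".")[2] != resigned.split(".")[2],
        "header_payload_unchanged": token.split(".")[:2] == resigned.split(".")[:2],
    }
```

When testing a secret in any tool, compare the third segment of the encoded token before and after: if it changed, the token was re-signed rather than verified.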