Go to JWT.io right now and under Verify Signature which contains “your-256-bit-secret” go ahead and type anything in. I mean ANYTHING. What do you see? Signature Verified. Go to JWT.io again, then copy & paste your perfectly fine custom JWT in the Encoded Box. Now enter your custom Secret. What …

Hey there @suchislife801 ! I believe this answers your question: [image] Jwt.io debugger always returning signature verified with random using a random key Help If you change an HS256 key value on jwt.io the signature component is updated automatically so the signature w…

JWT.io Debugger does validate at all. Considers ANY secret as valid. How is this possible?

JWT.io

tyf September 1, 2023, 6:23pm 3

Hey there @suchislife801 !

I believe this answers your question: