Go to JWT.io right now and under Verify Signature which contains “your-256-bit-secret” go ahead and type anything in. I mean ANYTHING. What do you see? Signature Verified. Go to JWT.io again, then copy & paste your perfectly fine custom JWT in the Encoded Box. Now enter your custom Secret. What …

Hey there @suchislife801 ! I believe this answers your question: [image] Jwt.io debugger always returning signature verified with random using a random key Help If you change an HS256 key value on jwt.io the signature component is updated automatically so the signature w…

JWT.io Debugger does validate at all. Considers ANY secret as valid. How is this possible?

JWT.io

system Closed September 25, 2023, 5:31pm 5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to verify signature in the debugger for RS256? JWT.io jwt-debugger , jwtio	2	5134	August 27, 2019
Why JWT verify tampered tokens? JWT.io	4	4347	December 5, 2018
Https://jwt.io/ issue JWT.io	1	3147	January 29, 2020
Why does jwt.verify() give "invalid signature"? JWT.io	13	94530	January 22, 2019
JWT.io - HS256 validation false positivites AFTER initial verification? JWT.io bug , jwt	0	968	August 29, 2023

JWT.io Debugger does validate at all. Considers ANY secret as valid. How is this possible?

Related topics