How to verify the jwt token
//my code
jwt.verify(token, 'shhhhh', {algorithm:"RS256"} , function(err, decoded) {
console.log(decoded) // bar
console.log(err);
});
//error
JsonWebTokenError: invalid algorithm
When you paste the token in jwt.io, does it show RS256 as sign algorithm?
And which key (second parameter) are you using / where are you getting it from, just to confirm it’s the right one. If using RS256, the signed asymmetrically using a key, not a secret (as with symmetric signing). The key is at https://YOUR_TENANT.auth0.com/.well-known/jwks.json
Yes in jwt.io it is showing alg as RS256 , same thing i gave for verification still i am not getting the result, the url for the key is not working
the url for the key is not working
You need to fetch the key from there and use it in the verify method, not just put the URL as parameter. Check the example on GitHub - auth0/node-jsonwebtoken: JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html
// Verify using getKey callback
// Example uses https://github.com/auth0/node-jwks-rsa as a way to fetch the keys.
var jwksClient = require('jwks-rsa');
var client = jwksClient({
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json'
});
function getKey(header, callback){
client.getSigningKey(header.kid, function(err, key) {
var signingKey = key.publicKey || key.rsaPublicKey;
callback(null, signingKey);
});
}
jwt.verify(token, getKey, options, function(err, decoded) {
console.log(decoded.foo) // bar
});
Related thread / question: