I generate my jwt token using a token secret such as “tokensecretstring” and HS512. I used to be able to go to “jwt .io” and copy my jwt into left side (all 3 parts) and it would get decoded. And at the bottom in signature verification, I was able to past my “tokensecretstring” which is the secret that was used to generete the token, and it would verify signature successfully. With the new version, it is not working and I always get “Invalid signature” regardless whether I use UTF-8 or base64Url. If I use locally installed jsonwebtoken (npm package), I can sign my jwt token and validate it successfully using the “tokensecretstring”. I think the new version of “jwt .io” has a bug.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Why does jwt.verify() give "invalid signature"? | 13 | 94845 | January 22, 2019 | |
| Token validation with https://jwt.io/#debugger | 2 | 4421 | March 2, 2018 | |
| Invalid Signature | 10 | 2854 | June 9, 2023 | |
| JWT token signature verfied without secret key in https://jwt.io/ | 2 | 3497 | April 28, 2020 | |
| JWT.io Debugger does validate at all. Considers ANY secret as valid. How is this possible? | 3 | 1821 | September 25, 2023 |