I generate my jwt token using a token secret such as “tokensecretstring” and HS512. I used to be able to go to “jwt .io” and copy my jwt into left side (all 3 parts) and it would get decoded. And at the bottom in signature verification, I was able to past my “tokensecretstring” which is the secret that was used to generete the token, and it would verify signature successfully. With the new version, it is not working and I always get “Invalid signature” regardless whether I use UTF-8 or base64Url. If I use locally installed jsonwebtoken (npm package), I can sign my jwt token and validate it successfully using the “tokensecretstring”. I think the new version of “jwt .io” has a bug.
Welcome to the Auth0 Community!
Thank you for bringing this to our attention. I’ve reported it to our engineering team, and I’ll let you know once I have more details
Thanks
Dawid