
Please check. I have encoded the JWT with some signature. When I decode it, it works fine in Postman and I get a valid response. But when I used the same token on the website and added my wrong signature key, it shows “Signature verified”.

Above is the image where I have added my encoded data and the default signature of the website, so it gives the right output, that is, “invalid signature”. It should show the same error when I add my wrong signature, but here my signature is not validated; even for a wrong signature it shows me “Signature Verified”.

Please find the attachment below, where I have added only the first letter of my secret key. Instead of showing me invalid, it is showing verified.

Please verify this.

Please correct me if I have gone wrong somewhere. Please let me know if there is something I have missed that is causing this issue.