Please check. I have encoded the JWT with some signature. When I decode it, it works fine in Postman and I get a valid response. But when I used the same on the website and added my wrong signature key, it shows “Signature verified”.
Above is the image where I have added my encoded data and the default signature of the website, so it gives the right output, which is “invalid signature”. It should show the same error when I add my wrong signature, but here my signature is not validated; even for a wrong signature it shows me “Signature Verified”.
Please find the attachment below, where I have added only the first letter of my secret key. Instead of showing me invalid, it shows verified.
Please verify this.