Signature verification failed in JWTVerifier.php

Uncaught Auth0\SDK\Exception\CoreException: Signature verification failed in C:\Users.…\laragon\www.…\vendor\auth0\auth0-php\src\JWTVerifier.php:226

The examples, even though truncated, appear to look the same, so I don’t understand what is going on.

Fatal error : Uncaught Auth0\SDK\Exception\CoreException: Signature verification failed in C:\Users.…\laragon\www\reviewchecked\vendor\auth0\auth0-php\src\JWTVerifier.php:226
Stack trace:
#0 C:\Users.…\laragon\www\reviewchecked\vendor\auth0\auth0-php\src\Auth0.php(654): Auth0\SDK\JWTVerifier->verifyAndDecode('eyJ0eXAiOiJKV1Q…')
#1 C:\Users.…\laragon\www\reviewchecked\vendor\auth0\auth0-php\src\Auth0.php(556): Auth0\SDK\Auth0->setIdToken('eyJ0eXAiOiJKV1Q…')
#2 C:\Users.…\laragon\www\reviewchecked\vendor\auth0\auth0-php\src\Auth0.php(458): Auth0\SDK\Auth0->exchange()
#3 C:\Users.…\laragon\www\reviewchecked\Login\index.php(19): Auth0\SDK\Auth0->getUser()
#4 {main}
thrown in C:\Users.…\laragon\www\reviewchecked\vendor\auth0\auth0-php\src\JWTVerifier.php on line 226

Hey there @john8, I wanted to share this doc we have on validating JWTs with our Auth0 PHP library, which looks to be what you are leveraging.

Please take a look and let me know if it helps you in your quest. In the meantime I will continue searching for other possible solutions.

James,

Thank you for getting back to me. I’m using the Auth0-PHP library so I don’t know how that is supposed to help. I actually don’t know why there aren’t more complaints like this. I even tried using the starter seed library and I am still getting the same error.

Fatal error : Uncaught Auth0\SDK\Exception\CoreException: Signature verification failed in JWTVerifier.php on line 226

Following up @john8, after some investigation I found that someone is exhibiting a similar issue to you within the GitHub issues.

As our Senior Engineer suggests in the thread, can you share the configuration you’re using when initializing the Auth0 class, removing any sensitive data? Is this a new application you’re building or is this happening with the latest version of the SDK in one that was working before? Thanks in advance!

Hi there. I found this thread while looking for entries on the PHP JWTVerifier. I also faced this problem with the “Signature verification failed in” message.

I found that by default the JWTVerifier class has the supported algorithms set to HS256:

protected $supported_algs = ['HS256'];

But the default algorithm when creating an API is RS256. The problem happens if you don’t manually change the algorithm to RS256: the program fails to run, either because it says a secret is required (which you don’t have for RS256) or because the signature fails when overriding that config.

Setting the $supported_algs variable to ['RS256'] solves the problem and allows you to complete the token verification. I was stuck with this problem for a whole day, I hope it helps somebody :)

Best!
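
Added example (not part of the posts above and not Auth0 SDK code): a small PHP check that decodes a token's header without verifying it and compares its `alg` with the verifier's allow-list, which is the mismatch the last post describes. The function names and the sample token are constructed for illustration.

```php
<?php
// Diagnostic only: this reads the JWT header, it does NOT verify the signature.
// Use it to see which algorithm a token was signed with before configuring the verifier.

function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function b64url_decode(string $s): string
{
    $pad = (4 - strlen($s) % 4) % 4;
    $out = base64_decode(strtr($s, '-_', '+/') . str_repeat('=', $pad), true);
    if ($out === false) {
        throw new InvalidArgumentException('Segment is not valid base64url');
    }
    return $out;
}

function jwt_alg(string $jwt): string
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Expected header.payload.signature');
    }
    $header = json_decode(b64url_decode($parts[0]), true);
    if (!is_array($header) || !isset($header['alg']) || !is_string($header['alg'])) {
        throw new InvalidArgumentException('Header has no usable "alg" claim');
    }
    return $header['alg'];
}

// $supportedAlgs plays the role of the verifier's allow-list (e.g. ['HS256']).
// Keep it to the single algorithm the application is configured to issue.
function check_alg(string $jwt, array $supportedAlgs): string
{
    $alg = jwt_alg($jwt);
    return in_array($alg, $supportedAlgs, true)
        ? "ok: {$alg} is accepted"
        : "mismatch: token uses {$alg}, verifier accepts " . implode(',', $supportedAlgs);
}

// Constructed sample token: RS256 header, dummy payload, placeholder signature.
$token = b64url_encode('{"typ":"JWT","alg":"RS256"}') . '.'
       . b64url_encode('{"sub":"example"}') . '.' . b64url_encode('placeholder');

echo check_alg($token, ['HS256']), PHP_EOL; // mismatch: token uses RS256, verifier accepts HS256
echo check_alg($token, ['RS256']), PHP_EOL; // ok: RS256 is accepted
```

The header value is only a hint for configuration: the verifier's allow-list, not the token, must decide which algorithm is used to check the signature.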