Hi There. I found this thread looking entries for PHP JWTVerifier. I also faced this problem with the “Signature verification failed in” message.
I found that by default the JWTVerifier class has the supported algorithms setted to HS256:
protected $supported_algs = ['HS256'];
But the default algorithm when creating an API is RS256. The problem happens if you don’t manually change the algorithm to RS256, the program fails to run either because it says a secret is required (which you don’t have for RS256) or the signature fails when overriding that config.
Setting the $supported_algs variable to [‘RS256’] solves the problem and allows you to complete the token verification. I was stucked with this problem for a whole day, I hope it helps somebody 
Best!