The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA

luisfernando.romero · September 20, 2021, 2:26pm

Hi, I am trying to verify the jwt token. My provider is Azure AD.

private boolean verifyJWT(String azureDiscoveryKeys, String issuer, String token) {
    try {
        DecodedJWT jwt = JWT.decode(token);
        JwkProvider provider = new UrlJwkProvider(new URL(azureDiscoveryKeys));
        Jwk jwk = provider.get(jwt.getKeyId());
        RSAPublicKey publicKey = (RSAPublicKey) jwk.getPublicKey();
        Algorithm alg = Algorithm.RSA256(publicKey, null);
        JWTVerifier verifier = JWT.require(alg).withIssuer(issuer).build();
        verifier.verify(token);
        return true;
    } catch(JWTVerificationException | JwkException | NullPointerException | MalformedURLException ex) {
        log.error(ex.getMessage());
        return false;
    }
}

Throws the following error, when trying to verify the token:

com.auth0.jwt.exceptions.SignatureVerificationException: The Token’s Signature resulted invalid when verified using the Algorithm: SHA256withRSA
at com.auth0.jwt.algorithms.RSAAlgorithm.verify(RSAAlgorithm.java:50)
at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:299)
at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:283)

How to use the Auth0 library to verify a token using SHA256withRSA?
Thanks,

agarwal.trilok · January 11, 2022, 8:07am

I am facing the same issue

Exception in thread “main” com.auth0.jwt.exceptions.SignatureVerificationException: The Token’s Signature resulted invalid when verified using the Algorithm: SHA256withRSA
at com.auth0.jwt.algorithms.RSAAlgorithm.verify(RSAAlgorithm.java:53)
at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:299)
at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:283)
at Main.main(Main.java:53)
Caused by: java.security.SignatureException: Signature length not correct: got 256 but was expecting 342
at java.base/sun.security.rsa.RSASignature.engineVerify(RSASignature.java:212)
at java.base/java.security.Signature$Delegate.engineVerify(Signature.java:1414)
at java.base/java.security.Signature.verify(Signature.java:788)
at com.auth0.jwt.algorithms.CryptoHelper.verifySignatureFor(CryptoHelper.java:107)
at com.auth0.jwt.algorithms.CryptoHelper.verifySignatureFor(CryptoHelper.java:85)
at com.auth0.jwt.algorithms.RSAAlgorithm.verify(RSAAlgorithm.java:48)
… 3 more