The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA

luisfernando.romero · September 20, 2021, 2:26pm

Hi, I am trying to verify the jwt token. My provider is Azure AD.

private boolean verifyJWT(String azureDiscoveryKeys, String issuer, String token) {
    try {
        DecodedJWT jwt = JWT.decode(token);
        JwkProvider provider = new UrlJwkProvider(new URL(azureDiscoveryKeys));
        Jwk jwk = provider.get(jwt.getKeyId());
        RSAPublicKey publicKey = (RSAPublicKey) jwk.getPublicKey();
        Algorithm alg = Algorithm.RSA256(publicKey, null);
        JWTVerifier verifier = JWT.require(alg).withIssuer(issuer).build();
        verifier.verify(token);
        return true;
    } catch(JWTVerificationException | JwkException | NullPointerException | MalformedURLException ex) {
        log.error(ex.getMessage());
        return false;
    }
}

Throws the following error, when trying to verify the token:

com.auth0.jwt.exceptions.SignatureVerificationException: The Token’s Signature resulted invalid when verified using the Algorithm: SHA256withRSA
at com.auth0.jwt.algorithms.RSAAlgorithm.verify(RSAAlgorithm.java:50)
at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:299)
at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:283)

How to use the Auth0 library to verify a token using SHA256withRSA?
Thanks,

agarwal.trilok · January 11, 2022, 8:07am

I am facing the same issue

Exception in thread “main” com.auth0.jwt.exceptions.SignatureVerificationException: The Token’s Signature resulted invalid when verified using the Algorithm: SHA256withRSA
at com.auth0.jwt.algorithms.RSAAlgorithm.verify(RSAAlgorithm.java:53)
at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:299)
at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:283)
at Main.main(Main.java:53)
Caused by: java.security.SignatureException: Signature length not correct: got 256 but was expecting 342
at java.base/sun.security.rsa.RSASignature.engineVerify(RSASignature.java:212)
at java.base/java.security.Signature$Delegate.engineVerify(Signature.java:1414)
at java.base/java.security.Signature.verify(Signature.java:788)
at com.auth0.jwt.algorithms.CryptoHelper.verifySignatureFor(CryptoHelper.java:107)
at com.auth0.jwt.algorithms.CryptoHelper.verifySignatureFor(CryptoHelper.java:85)
at com.auth0.jwt.algorithms.RSAAlgorithm.verify(RSAAlgorithm.java:48)
… 3 more

Topic		Replies	Views
RSA256/JWKS JWT validation using Auth0's `java-jwt` and `jwks-rsa-java` Help java-jwt-support-doc	5	21663	October 17, 2022
Token verification Failed - invalid signature Help invalid-signature , tier1 , verification	3	9686	March 2, 2018
JsonWebToken Signature Algorithm (The Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256) Help	2	7568	July 12, 2019
Unable to verify jwt generated by jsrsasign JWT.io jwt , jwt-validation	1	5109	March 2, 2018
Signature Algorithm of "RS256" is Not Supported Err Msg .NET Auth0 NuGet Package Help jwt , aspnet-core	6	3804	May 28, 2022

The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA

Related Topics