Hello, I have a question.
We have developped for our application our own JWT token creator + parser in Java. We used no lib, but just used the Java SDK and followed the relevant RFC spec or other descriptions found elsewhere.
During development we used the https://jwt.io/#debugger to create tokens and to verify our own generated tokens. All works fine.
Purpose is to validate tokens generated by another party. Now we did first integration tests but found that the other party generates tokens, which our validator regards as invalid. On the other hand https://jwt.io/#debugger accepts these tokens. To us these tokens definitely look like base64 rather than base64URL encoded which in our opinion is not spec conform.
https://jwt.io/#debugger works in two direction. So if afterwards we use the tool to generate the token, it generates a different token, our validator accepts.
Can you tell us a reason why the other party token can be successfully validated with the tool?