
Token verification Failed - invalid signature

#1

I generated a JWT token, but when I tried to verify the token, I could only see my header and payload, and for my signature it says that it's invalid, even though I used my public key in the verification process. Below is the code I used to generate the token.

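    using System.IO;
    using System.Security.Cryptography;
    using Org.BouncyCastle.Crypto;
    using Org.BouncyCastle.Crypto.Parameters;
    using Org.BouncyCastle.OpenSsl;
    using Org.BouncyCastle.Security;

    public static string GetToken(string jsonPayload, string path)
    {
        string jwt = string.Empty;
        AsymmetricCipherKeyPair keyPair;

        // Read the PEM-encoded RSA key pair from disk with BouncyCastle.
        using (StreamReader sr = new StreamReader(path))
        {
            PemReader pr = new PemReader(sr);
            keyPair = (AsymmetricCipherKeyPair)pr.ReadObject();
        }

        // Convert the BouncyCastle private key into .NET RSAParameters.
        RSAParameters rsaParams = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)keyPair.Private);

        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(rsaParams);

            // Sign the payload with RS256 (RSASSA-PKCS1-v1_5 with SHA-256) via jose-jwt.
            jwt = Jose.JWT.Encode(jsonPayload, rsa, Jose.JwsAlgorithm.RS256);
        }

        return jwt;
    }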

#2

Verification of the signature depends on the signing algorithm used.
HS256 uses the client secret to sign the token.
In the case of RS256, the token is signed using your Auth0 account’s private key. The signature needs to be verified with the corresponding public key.
See the document below for further information:
https://auth0.com/docs/apis#signing-algorithms


#3

@swapna.dixit thanks for the reply. My private key is actually generated from my server and not from Auth0 account. I have a feeling that I am not doing the encoding correctly. Can you show me some code samples for generating the token with RS256 with a private key?
Thanks in advance!
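
An added example, not code from any poster in this thread or from Auth0: RS256 signing and verification using only `System.Security.Cryptography`, showing that a token verifies only against the public half of the key pair that signed it. It assumes .NET Core 3.0 or later; the key pairs are generated in-process as stand-ins for a server's PEM key, and the names `Rs256Demo`, `Sign` and `Verify` are illustrative.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class Rs256Demo
{
    // base64url without padding, the encoding used for every JWT segment (RFC 7515).
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Sign with the PRIVATE key. The signature covers "<header>.<payload>" byte for byte.
    static string Sign(string payloadJson, RSA privateKey)
    {
        string header = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
        string signingInput = header + "." + B64Url(Encoding.UTF8.GetBytes(payloadJson));
        byte[] sig = privateKey.SignData(Encoding.ASCII.GetBytes(signingInput),
                                         HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return signingInput + "." + B64Url(sig);
    }

    // Verify with the PUBLIC key. The algorithm is fixed here, never read from the token header.
    static bool Verify(string jwt, RSA publicKey)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) return false;
        byte[] sig;
        try { sig = FromB64Url(parts[2]); } catch (FormatException) { return false; }
        return publicKey.VerifyData(Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]), sig,
                                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        using RSA signer = RSA.Create(2048);   // constructed key pair (stand-in for the server key)
        using RSA other = RSA.Create(2048);    // unrelated key pair
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportParameters(signer.ExportParameters(false)); // public half only

        string jwt = Sign("{\"sub\":\"example-user\"}", signer);
        Console.WriteLine("matching public key:  " + Verify(jwt, publicOnly));
        Console.WriteLine("unrelated public key: " + Verify(jwt, other));
    }
}
```

A verifier that is handed any public key other than the one paired with the signing key reports an invalid signature even though the header and payload decode normally.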


#4