Jwt-auth: Token Invalid Error

Created on 5 Aug 2016 · 18 Comments · Source: tymondesigns/jwt-auth

I use Laravel 5.1 with jwt-auth ^0.5.9.

After I got the token value, I make a GET request as ?token=value, and I get {"error":"token_invalid"} on every request.

The following is my route

Route::group(['middleware' => 'jwt.auth'], function() {
    Route::get('test', function() {
        return 'Hello';
    });
});

The following is how I create token

try {
    // attempt to verify the credentials and create a token for the user
    if (! $token = JWTAuth::fromUser($user)) {
        return response()->json(['error' => 'invalid_credentials'], 401);
    }
} catch (JWTException $e) {
    // something went wrong whilst attempting to encode the token
    return response()->json(['error' => 'could_not_create_token'], 500);
}

// all good so return the token
return response()->json(compact('token'));

All 18 comments

Same. Strong suspicion this package has been neglected.

Have you tried verifying the token on jwt.io as well?

@lukeed Nope just not been very active lately

@tymondesigns My token is created from a User record, and immediately considered invalid. Extremely basic implementation; there's not even blacklisting enabled.

Could you try the following code in your routes.php:

// e.g. app.dev/test?token=foo
Route::get('/test', function () {
    return JWTAuth::parseToken()->authenticate();
});

This will allow the exception to bubble up and expose the true error.

Hi, I have the same problem and used the above code to check the Exception. Here is the error stack. This is normal since foo doesn't have 3 dot-separated segments.

TokenInvalidException in TokenValidator.php line 37:
Wrong number of segments
in TokenValidator.php line 37
at TokenValidator->validateStructure('foo') in TokenValidator.php line 26
at TokenValidator->check('foo') in Token.php line 30
at Token->__construct('foo') in JWTAuth.php line 278
at JWTAuth->setToken('foo') in JWTAuth.php line 208
at JWTAuth->parseToken() in Facade.php line 215
at Facade::__callStatic('parseToken', array()) in routes-api.php line 14
at RouteServiceProvider->{closure}()
at call_user_func_array(object(Closure), array()) in Route.php line 158
at Route->runCallable(object(Request)) in Route.php line 137
at Route->run(object(Request)) in Router.php line 724
at Router->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in ThrottleRequests.php line 48
at ThrottleRequests->handle(object(Request), object(Closure), '60', '1')
at call_user_func_array(array(object(ThrottleRequests), 'handle'), array(object(Request), object(Closure), '60', '1')) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 102
at Pipeline->then(object(Closure)) in Router.php line 726
at Router->runRouteWithinStack(object(Route), object(Request)) in Router.php line 699
at Router->dispatchToRoute(object(Request)) in Router.php line 675
at Router->dispatch(object(Request)) in Kernel.php line 246
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in CheckForMaintenanceMode.php line 44
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 102
at Pipeline->then(object(Closure)) in Kernel.php line 132
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 99
at Kernel->handle(object(Request)) in index.php line 53

However, when I use a real token produced by the login method given as example here,

{localhost}/test?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NzI3OTg1OTYsInN1YiI6MSwiaXNzIjoiaHR0cDpcL1wvZnJlZGVyaWNjaGlhc3Nvbi5hcHBcL2FwaVwvYXV0aFwvbG9naW4iLCJpYXQiOjE0NzI3OTQ5OTYsIm5iZiI6MTQ3Mjc5NDk5NiwianRpIjoiMmM2OGZmYzQ0NTk5MDFmZjFmYzc2MmViMWQ1N2U4NmYifQ.HIWioi05HquZLCDVPsXUJxRncSmqC1xloueS7dnjspg

... I have this error stack.

TokenInvalidException in NamshiAdapter.php line 71:
Token Signature could not be verified.
in NamshiAdapter.php line 71
at NamshiAdapter->decode(object(Token)) in JWTManager.php line 79
at JWTManager->decode(object(Token)) in JWTAuth.php line 190
at JWTAuth->getPayload(false) in JWTAuth.php line 124
at JWTAuth->authenticate() in routes-api.php line 14
at RouteServiceProvider->{closure}()
at call_user_func_array(object(Closure), array()) in Route.php line 158
at Route->runCallable(object(Request)) in Route.php line 137
at Route->run(object(Request)) in Router.php line 724
at Router->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in ThrottleRequests.php line 48
at ThrottleRequests->handle(object(Request), object(Closure), '60', '1')
at call_user_func_array(array(object(ThrottleRequests), 'handle'), array(object(Request), object(Closure), '60', '1')) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 102
at Pipeline->then(object(Closure)) in Router.php line 726
at Router->runRouteWithinStack(object(Route), object(Request)) in Router.php line 699
at Router->dispatchToRoute(object(Request)) in Router.php line 675
at Router->dispatch(object(Request)) in Kernel.php line 246
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in CheckForMaintenanceMode.php line 44
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 102
at Pipeline->then(object(Closure)) in Kernel.php line 132
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 99
at Kernel->handle(object(Request)) in index.php line 53

I just noticed that I was missing the JWT secret key, since I changed computers! That is why I had this error and the token was invalid. Adding the key with artisan jwt:generate solved this issue.

This is an installation step already covered in the Wiki : https://github.com/tymondesigns/jwt-auth/wiki/Installation

@setkyar, @lukeed : please try this and check if it solves your issue too.
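The two stack traces above are distinct failures: 'foo' is rejected on structure, while the real token is rejected because its signature does not match the secret on the current machine. The following added example (not from the thread and not jwt-auth's own code) reproduces both outcomes for an HS256 token; the function names, secrets and claims are hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration, not jwt-auth code. Secrets and claims are constructed.

function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt)
{
    // Restore padding, then decode strictly (false on invalid characters).
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

function sign_hs256(array $claims, string $secret): string
{
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    $sig  = hash_hmac('sha256', "$head.$body", $secret, true);
    return "$head.$body." . b64url_encode($sig);
}

function diagnose(string $token, string $secret): string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return 'structure: wrong number of segments';
    }
    [$head, $body, $sig] = $parts;
    $header = json_decode((string) b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return 'structure: header is not an HS256 JWT header';
    }
    // Recompute the HMAC over "header.payload" with the local secret.
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    $given    = b64url_decode($sig);
    if ($given === false || !hash_equals($expected, $given)) {
        return 'signature: not verifiable with this secret';
    }
    return 'ok';
}

$secretA = 'constructed-secret-on-machine-A';   // secret the token was issued with
$secretB = 'constructed-secret-on-machine-B';   // secret after moving machines
$token   = sign_hs256(['sub' => 1, 'exp' => time() + 3600], $secretA);

echo diagnose('foo', $secretB), PHP_EOL;    // malformed input
echo diagnose($token, $secretA), PHP_EOL;   // same secret as at issue time
echo diagnose($token, $secretB), PHP_EOL;   // secret changed or regenerated
```

Tokens issued before a secret is regenerated fail in the same way as the third call, so clients have to log in again after the key changes.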

I just $ composer update and it worked.

I also have this issue. Sometimes I can send 10-20 requests and all works, and sometimes I send 3 requests and I get a token is invalid exception. (The token has a correct signature.)
@tymondesigns I tried to check with

Route::get('/test', function () {
   return JWTAuth::parseToken()->authenticate();
});

I got a token blacklisted exception.
Any ideas?

Thanks for all your great work, @tymondesigns ! :)

I randomly get a {"error":"token_invalid"} response when passing the token to my API via a mobile browser. Then I'll copy the exact same request from the server logs into my computer's browser and it works fine. My secret is hard coded and seems fine. I'm using Laravel 5.1 and tymon/jwt-auth version 0.5.9.

Could a token be invalid if decoded too soon after its creation? Is there some way a different browser could affect decoding? Would you recommend using a different version of the package?

Any suggestions would be extremely appreciated. Thanks!

@mikepsinn Your issue seems almost the same as mine. Do you have this issue only on mobile devices? I get the token invalid exception also on desktop browsers.
The tokens are blacklisted too early. As a workaround I disabled the blacklisting, which works well for now, but I hope there will be a fix soon, although the issue has been open since 5 Aug. Maybe I will write my own blacklisting extension.

@psychonetic Yes, it is only on mobile. I actually disabled blacklisting yesterday after seeing your earlier comment and haven't seen the issue since, either. Thanks for the tip! :D

Are there any solutions to this issue?

@Martha-91 Actually, disabling blacklisting ended up not working for me either. I had to just stop using JWT.

@mikepsinn It works for me when the token is valid, but when the credentials or token are not correct, it throws an error which I could not handle, but now I can handle it, YAY. What is blacklisting?

I also had a token_invalid. When I debugged Tymon\JWTAuth\Token I saw that $value contains a ": " before the actual token string. So I removed that and now it seems to be working (so far). In the __construct(): $value = str_replace(": ", "", $value); But why?

When validating my token on jwt.io it seems that the token is "Invalid Signature". What does that mean?

@tymondesigns Why did you close this issue? Is it solved in version 1.0? Any comment about this would be great. I don't know if your version 1.0 was entirely rebuilt, but how was this issue caused?

@psychonetic @tymondesigns

Any updates on this one?
