Jwt-auth: Token Signature could not be verified.

Created on 16 Feb 2017  路  11Comments  路  Source: tymondesigns/jwt-auth

TokenInvalidException in NamshiAdapter.php line 71: Token Signature could not be verified.

Got this error while trying to decode Jwt Token , but decoding at jwt.io site it is fine.

any idea?
thanks

picture paolog22
👍1

Most helpful comment

Sorry NBF?

picture wemersonjanuario on 10 Apr 2017
👍2

All 11 comments

I think it actually happens on line 84 of Namshi.php. The verify()Method of JWS.php always fails.

rico picture rico on 6 Mar 2017
👍1

This happens with me sporadically with no explanations When I send too many request to api some callbacks having this error "Token Signature could not be verified". If you request again everything goes ok.

I could work around this passing jwt_secret code directly on jwt.php config file instead of env('JWT_SECRET').

Do you knows if laravel middlare has a BUG using .env variables on middlares? sometimes env values return null inside middlewares.

wemersonjanuario picture wemersonjanuario on 10 Apr 2017

@wemersonjanuario i fixed my problem with NBF . do double check your NBF .
hope it helps :)

paolog22 picture paolog22 on 10 Apr 2017

Sorry NBF?

wemersonjanuario picture wemersonjanuario on 10 Apr 2017
👍2

How?

wemersonjanuario picture wemersonjanuario on 10 Apr 2017

@wemersonjanuario please refer here
https://github.com/tymondesigns/jwt-auth/wiki/Creating-Tokens

paolog22 picture paolog22 on 10 Apr 2017

I've understood what nbf means. But How to modify It ? I have token create automaticaly by attempt method. Can you make It more clear? Thanks

wemersonjanuario picture wemersonjanuario on 14 Apr 2017

@paolog22 I'm running into this issue as well and can't find a resolution anywhere, thinking maybe nbf could be another issue?

Can you explain what might be wrong with nbf?

mycarrysun picture mycarrysun on 5 Oct 2017

@mycarrysun hi can you show some logs ?
i fix my problem with the time
@wemersonjanuario hi sorry late reply been busy but do please check the time being include in the token..

paolog22 picture paolog22 on 6 Oct 2017

@paolog22 it was the format of the Authorization header....syntax was wrong. The package I got the starter template from was in Bearer: [token goes here] which did not work until I changed it to Bearer : [token] and worked the entire day. Something changed though because it stopped working and what fixed it was changing the format to Bearer [token].

mycarrysun picture mycarrysun on 6 Oct 2017

I get token cannot be verified... If I call the API with token=[token] then the call goes just fine through it.
I can verify this by removing a character from the token which results in "Could not decode token". If I leave the token out then I get token not provided. So, JWT is working fine as such.
But when Laravel receives it from the FE code. (Angular 6) then it fails with the above message.
I send the token in header with: Authorization: Bearer "[token]" and then I get the Token could not be verified.
If I try to change the header to i.e. Authorization: "[token]" and then I get the Token not provided.
So conclusion is, that the same token cannot be verified through header but it can through URL parameter.
But why? I'm using JWT in another project, I'm using the same:
RewriteCond %{HTTP:Authorization} .
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

I'm lost. Please help :-)
Thanks in advance!!

jegjessing picture jegjessing on 30 Oct 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gamelife1314 picture gamelife1314  路  3Comments
phamduong picture phamduong  路  3Comments
aofdev picture aofdev  路  3Comments
lloy0076 picture lloy0076  路  3Comments
functionpointdaniel picture functionpointdaniel  路  3Comments