Jwt-auth: Laravel 5.4 - Token Signature could not be verified.

Created on 21 Apr 2017 · 4Comments · Source: tymondesigns/jwt-auth

Hi,
I'm building an api to authenticate my users through my mobile application
The login controller return me the correct token.

<?php

namespace App\Api\V1\Controllers;

use Symfony\Component\HttpKernel\Exception\HttpException;
use Tymon\JWTAuth\JWTAuth;
use App\Http\Controllers\Controller;
use App\Api\V1\Requests\LoginRequest;
use Tymon\JWTAuth\Exceptions\JWTException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

class LoginController extends Controller
{
    public function login(LoginRequest $request, JWTAuth $JWTAuth)
    {
        $credentials = $request->only(['username', 'password']);

        try {
            $token = $JWTAuth->attempt($credentials);

            if(!$token) {
                throw new AccessDeniedHttpException();
            }

        } catch (JWTException $e) {
            throw new HttpException(500);
        }

        return response()
            ->json([
                'status' => 'ok',
                'token' => $token
            ]);
    }
}

Postman result

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjEsImlzcyI6Imh0dHBzOlwvXC9iZXRhZmlsZS5vcmdcL2dpcHNcL3B1YmxpY1wvYXBpXC9hdXRoXC9sb2dpbiIsImlhdCI6MTQ5Mjc4MDI2NiwiZXhwIjoxNDkyNzgzODY2LCJuYmYiOjE0OTI3ODAyNjYsImp0aSI6InZHWkxaNHNqRUlqYW05WTMifQ.g8_-qHsVVvCEj9_BoqDCKJ9QHvm-yqWALsXmxeMK_3c"
}

Now when I tried to get the current user by token I get the signature error
User controller

<?php

namespace App\Api\V1\Controllers;

use JWTAuth;
use App\Record;
use App\Http\Requests;
use Illuminate\Http\Request;
use Dingo\Api\Routing\Helpers;
use App\Http\Controllers\Controller;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class RecordController extends Controller
{
    use Helpers;

    public function store(Request $request) {
        //$record = new Record;
        //return $this->currentUser();
        $currentUser = JWTAuth::parseToken()->authenticate();
        return $currentUser;

    }

    private function currentUser() {
        return JWTAuth::parseToken()->authenticate();
    }
}

Postman result
{
  "error": {
    "message": "Token Signature could not be verified.",
    "status_code": 500
  }
}

I already try by pass the token by url domain.com/api/auth?token=token_key and by header Authorization Bearer token_key

Also I have the jwt secret inside config/jwt.php 'secret' => env('jwt_secret') and inside .env JWT_SECRET=jwt_secret

Any tip to help to solve this issue?

Thanks

Source

abolinhas

Most helpful comment

I solve this issue running

php artisan jwt:secret

casivaagustin on 22 Nov 2017

👍11

All 4 comments

Fix it, I don't now why but after generate a new app key the jwt auth starts work properly.
php artisan key:generate

Best regards

abolinhas on 23 Apr 2017

I solve this issue running

php artisan jwt:secret

casivaagustin on 22 Nov 2017

👍11

php artisan jwt:secret
It's solved. Thank you so much

vovanmai on 23 Jul 2018

If you are using Expo with Linking.parse(url). Where you are transferring your token, you need clear urlHash then getting token parameter. You have this error because this urlHash is stuck.
If you are using something other, checks your token. This error occurs because you have broken token.