Lexikjwtauthenticationbundle: JWT: invalid signature

Created on 30 May 2015  路  11Comments  路  Source: lexik/LexikJWTAuthenticationBundle

Hello,

When I paste the token received with the login_check uri in jwt.io, it says that the signature is invalid, is it normal ?

Most helpful comment

in the verify signature column, fill in your secret

All 11 comments

jwt.io only supports hs256 and rs256 jwt. so f the token you are generating is different alg then it will be invalid on jwt.io.

try pasting the token using rs256 in jwt.io, and then paste the public and private keys.

It's already in RS256 because of the header of the token

oki, did you paste the public/private keys into fields? i havent tried jwt.io rs feature yet, so not sure how well it works.

When I paste the keys, nothing change

i have no clue then, is most likely an issue with jwt.io

Is it not a problem of the token ?

I tested using only the namshi/jose library and the result is the same. We'll have to investigate what is the problem, the library or the jwt.io decoding. Anyway, it is not really a problem for the moment.

Thank you, I reported it just for you to know

That's cool, I'll try to find the cause of the problem.

in the verify signature column, fill in your secret

If anyone is still running into this issue, what sorted it for me was to change the secret to match my key, then paste the token in again.

pasting the token in AFTER changing the secret is the crux of what got mine to verify.

I was using HS256.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

pbalan picture pbalan  路  5Comments

christophe-mailfert picture christophe-mailfert  路  5Comments

reducio picture reducio  路  4Comments

JuliusKoronci picture JuliusKoronci  路  4Comments

rolandrajko picture rolandrajko  路  3Comments