Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Signature verification raised", yet jwt.io says "Signature Verified" #401

Closed
scottrobertson opened this issue Jan 19, 2021 · 3 comments
Closed
Assignees

Comments

@scottrobertson
Copy link

@scottrobertson scottrobertson commented Jan 19, 2021

Hey

Having an odd issue that I cannot seem to replicate very easily.

token = "eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InVzZXJfaWQiOjEsInZlcmlmaWVyIjoiM2ExZGNlODItN2YwNC00Mjk1LTljN2QtYzUzYmQ4OGVjNTI3In0sImV4cCI6MTYxMTYyMjMxOH0.7HYR9jAsNeOjQFGGbmUBNalOqmUeLRK9eMldMjGQo38"

secret = "c61a64edec22c03a25f3b984910ac2da216a2963a379f4eaf58abac06f6c975572690925e85a1c52721d388b3c2ab75698e67acc3ec483e23abb98a88b140fd7"

JWT.decode(token, secret, true, { algorithm: 'HS256' })

This throws a JWT::VerificationError (Signature verification raised)

However, if i head over to jwt.io, and type in those exact same values (try it, just copy them from above) it says "Signature Verified"

Any ideas what is wrong here?

@excpt
Copy link
Member

@excpt excpt commented Jan 19, 2021

Hey @scottrobertson

The given token is invalid.

When entering the token into jwt.io and passing the password the last part of the token changes. The website manipulates the pasted token. It is not clearly visible. You really need to look. It's confusing.

First you need to paste the password and then paste the token. This ensures that the token is validated and not created with the given password. Doing this in the described order will display the "Invalid Signature" message.

Please check with the issuer of the token. There is something wrong in the creation process.

@scottrobertson
Copy link
Author

@scottrobertson scottrobertson commented Jan 19, 2021

Ah that makes total sense then. What a confusing website ha. It will be an issue on my end, thank you.

@excpt
Copy link
Member

@excpt excpt commented Jan 19, 2021

Thanks for the fast response.

Have a great day.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants