Rohit Goyal

Reputation: 435

JWT Verification Failing

I am new to JWT tokens. I am able to create and verify a JWT in Java (using JJWT) and even online using the following link: http://kjur.github.io/jsjws/tool_jwt.html.

BUT when I try to create a JWT using one source and try to validate it using another, it always fails. I couldn't successfully generate and validate a JWT using 2 different sources. I even tried using http://jwt.io

Can someone help me understand what might be wrong? I believe it should be possible to create a JWT using one library and validate it using another library, considering you are using the correct sign algo and secret key.

Upvotes: 3

Views: 6650

Answers (2)

Peter Scott

Reputation: 1316

One aspect of JWT that can confuse is that it does not encrypt the data. It is possible to extract the contents of a JWT, including all the fields. The signing of it, however, allows us to validate that the token was generated/signed with a particular secret, and it is this that is used to validate or authenticate. If that is not the issue, then it could well be just the tool/library key encoding, as suggested by @frasertweedale - care needs to be taken to encode all the source fields appropriately.

Upvotes: 1

frasertweedale

Reputation: 5684

The key input at http://kjur.github.io/jsjws/tool_jwt.html accepts hex-encoded values. The default secret 616161 actually decodes to aaa. Verifying the generated token at http://jwt.io/ using aaa as the secret works.

Upvotes: 2
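
The key-encoding mismatch described in the answer above, reproduced as an added example (not code from the original posts or from any of the libraries mentioned). It is a minimal HS256 signer and verifier built on the Python standard library; the helper names and the claim set are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    # Base64url without padding, as used in compact JWTs.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT; `key` is the raw key bytes."""
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode("utf-8")) for p in parts
    )
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"

def verify_hs256(token: str, key: bytes) -> bool:
    """Recompute the MAC over header.payload and compare in constant time."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
        signed = f"{header_b64}.{payload_b64}".encode("ascii")
    except ValueError:
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # accept only the algorithm this verifier expects
    return hmac.compare_digest(sig, hmac.new(key, signed, hashlib.sha256).digest())

# Constructed sample: the secret shown on screen as "616161", read two ways.
KEY_FROM_HEX = bytes.fromhex("616161")   # hex input field -> b"aaa"
KEY_AS_TEXT = "616161".encode("utf-8")   # text input field -> six ASCII digits
TOKEN = sign_hs256({"sub": "demo-user"}, KEY_FROM_HEX)

def interop_matrix() -> dict:
    """Which verifier-side readings of the secret accept TOKEN."""
    return {
        "hex 616161": verify_hs256(TOKEN, KEY_FROM_HEX),
        "text aaa": verify_hs256(TOKEN, b"aaa"),
        "text 616161": verify_hs256(TOKEN, KEY_AS_TEXT),
    }

if __name__ == "__main__":
    for reading, ok in interop_matrix().items():
        print(f"{reading:12} -> {'valid' if ok else 'INVALID'}")
```

When a token from one tool fails in another, compare the raw key bytes each side derives from the configured secret before suspecting the algorithm or the claims.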
