How do I verify a `SecretKey` signature on jwt.io ? #860

emt2dev · 2023-10-09T00:09:53Z

emt2dev
Oct 9, 2023

Describe the bug
I've tried to create and parse a jwt using spring boot api and jwt.io
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhdHRkc2FkYWRzZHRAdXNlci5jb20ifQ.GEiJSiu6EdSHKexspsHFOjmo9dwH_lV94KWrZLiZOQs
shows as invalid signature on jwt.io

To Reproduce

I've kept it very simple:
SecretKey key = Jwts.SIG.HS256.key().build();
return Jwts.builder().subject(userDetails.getUsername()).signWith(key).compact();

Expected behavior
I'd like to have a valid jwt.

Screenshots

Answered by laurids

Oct 9, 2023

You need to let jwt.io know the key in order for it to verify the signature.
Just paste the base64 encoded key into the text box on the bottom right saying "your-256-bit-secret".
java.util.Base64.getEncoder().encodeToString(key.getEncoded());

View full answer

laurids · 2023-10-09T11:26:20Z

laurids
Oct 9, 2023

You need to let jwt.io know the key in order for it to verify the signature.
Just paste the base64 encoded key into the text box on the bottom right saying "your-256-bit-secret".
java.util.Base64.getEncoder().encodeToString(key.getEncoded());

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How do I verify a `SecretKey` signature on jwt.io ? #860

{{title}}

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

How do I verify a SecretKey signature on jwt.io ? #860

emt2dev Oct 9, 2023

Replies: 1 comment

laurids Oct 9, 2023

How do I verify a `SecretKey` signature on jwt.io ? #860

emt2dev
Oct 9, 2023

laurids
Oct 9, 2023