I signed a jwt in nodejs with the below snipet.
var jwtoken = jwt.sign({ email: '[email protected]', name: 'test' }, 'abcd');
I got the below token after signing
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRlc3RAdGVzdC5jb20iLCJuYW1lIjoidGVzdCIsImlhdCI6MTYzNjE4MjYwOX0.07FXjm1lKEIiU_QOMEEOFzhsC0vtKt4PFoW-7YHHzyM
Then the result, either 'signature' verified' or 'invalid signature', will be correct.
Every secret that you enter after that causes a recalculation of the signature and then it's always verified (with the new secret):
But if you do it in the right order, a wrong secret causes an "invalid signature" result: