Home > Enterprise >  jwt.io says Signature Verified even when key is not provided
jwt.io says Signature Verified even when key is not provided

Time:11-07

I signed a jwt in nodejs with the below snipet.

var jwtoken = jwt.sign({ email: '[email protected]', name: 'test' }, 'abcd');

I got the below token after signing

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRlc3RAdGVzdC5jb20iLCJuYW1lIjoidGVzdCIsImlhdCI6MTYzNjE4MjYwOX0.07FXjm1lKEIiU_QOMEEOFzhsC0vtKt4PFoW-7YHHzyM

I wanted to verify this with enter image description here

Then the result, either 'signature' verified' or 'invalid signature', will be correct.

Every secret that you enter after that causes a recalculation of the signature and then it's always verified (with the new secret): enter image description here

But if you do it in the right order, a wrong secret causes an "invalid signature" result:

enter image description here

  • Related