DEV Community

Discussion on: How to Create a JSON Web Token Using PHP

Collapse
 
sagargurnani36 profile image
Sagar Gurnani

I followed your blog topic i.e. "How to Build a JSON Web Token in PHP" in order to generate a JWT token. But, when I try to verify it via the available JWT verifiers (such as jwt.io/) I get the "Invalid Signature" error.

Maybe the checker is buggy. Can you suggest a JWT checker that you use, please? If my token is genuinely invalid, can you suggest some routes to follow so that I can discover what I am doing wrongly?

Collapse
 
bobrundle profile image
Bob Rundle

I think this is because the jwt.io checker is a bit counter intuitive. To get the signature to verify you need to paste the secret into the "verify signature" block and also have the "secret base64 encoded" checkbox set properly. If your secret is simply text you leave this check off. If it is binary then you need to base64 encode it before pasting it. Then set this check on.

The JWTs I generated with Rob's code verified fine on jwt.io.

Collapse
 
robdwaller profile image
Rob Waller

When using jwt.io are you providing them with the correct secret?

Also if you're worried this is an 'issue' with the library feel free to create a ticket with an example token and I'll take a closer look.

github.com/RobDWaller/ReallySimple...