I followed your blog topic i.e. "How to Build a JSON Web Token in PHP" in order to generate a JWT token. But, when I try to verify it via the available JWT verifiers (such as jwt.io/) I get the "Invalid Signature" error.
Maybe the checker is buggy. Can you suggest a JWT checker that you use, please? If my token is genuinely invalid, can you suggest some routes to follow so that I can discover what I am doing wrongly?
I think this is because the jwt.io checker is a bit counter intuitive. To get the signature to verify you need to paste the secret into the "verify signature" block and also have the "secret base64 encoded" checkbox set properly. If your secret is simply text you leave this check off. If it is binary then you need to base64 encode it before pasting it. Then set this check on.
The JWTs I generated with Rob's code verified fine on jwt.io.
I am a developer with a passion for testing. I've been coding for 14 years and I want to share my experience and learnings with other developers to help them write better software.
I followed your blog topic i.e. "How to Build a JSON Web Token in PHP" in order to generate a JWT token. But, when I try to verify it via the available JWT verifiers (such as jwt.io/) I get the "Invalid Signature" error.
Maybe the checker is buggy. Can you suggest a JWT checker that you use, please? If my token is genuinely invalid, can you suggest some routes to follow so that I can discover what I am doing wrongly?
I think this is because the jwt.io checker is a bit counter intuitive. To get the signature to verify you need to paste the secret into the "verify signature" block and also have the "secret base64 encoded" checkbox set properly. If your secret is simply text you leave this check off. If it is binary then you need to base64 encode it before pasting it. Then set this check on.
The JWTs I generated with Rob's code verified fine on jwt.io.
When using jwt.io are you providing them with the correct secret?
Also if you're worried this is an 'issue' with the library feel free to create a ticket with an example token and I'll take a closer look.
github.com/RobDWaller/ReallySimple...