jwt-go icon indicating copy to clipboard operation
jwt-go copied to clipboard

Published 20 hours ago verified publisher icon dgrijalva

jwt-go generating invalid signature tokens

Open fabstao opened this issue 3 years ago • 5 comments

Hi!

I am trying to use jwt-go for authentication, but when I try to validate the token, I get: Error: signature is invalid

Sample token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1OTU4MjYzOTAsInJvbCI6InVzdWFyaW8iLCJ1c2VyIjoiZmFicyJ9.EtWzy5_b6qUyD_-uyD9XJll5R0XWW6ntISBEohwGmo4

It's invalid even checking in jwt.io

Code generating token:

token := jwt.New(jwt.SigningMethodHS256)
	clamas := token.Claims.(jwt.MapClaims)
	clamas["user"] = usuario.Username
	clamas["rol"] = rol.Role
	clamas["exp"] = time.Now().Add(time.Hour).Unix()
	var err error
	PToken, err = token.SignedString([]byte("el_secreto"))
	if err != nil {
		return err
	}

Is there anything special I should use for HMAC secret in token.SingnedString ?

Thanks!!

fabstao avatar Jul 27 '20 04:07 fabstao

You should retry your debugging. For me the sample token is valid and signature verified.

IceflowRE avatar Jul 29 '20 17:07 IceflowRE

Ok, will check Thanks!

fabstao avatar Jul 29 '20 17:07 fabstao

@fabstao Hey bro, did you find an answer on this? I am tired of this, more than a week and I still have this problem.

luisnquin avatar Jan 08 '22 13:01 luisnquin

@fabstao Hey bro, did you find an answer on this? I am tired of this, more than a week and I still have this problem.

The problem is wrong use of jwt.io. Go ahead to jwt.io, delete the example, delete the string value "your 256 bits secret", write yours and after that paste your token. That's all

Edmartt avatar May 14 '22 13:05 Edmartt

Now is working, thanks a lot!

fabstao avatar May 14 '22 18:05 fabstao