I have an interesting question. I use Python with Flask for an authentication service, which generates JWT tokens with flask_jwt_extended. That's how I generate the tokens in Python, with Flask JWT Extended:
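
    from flask_jwt_extended import create_access_token

    # `user` is the already-authenticated user record
    identity = {
        "firstname": user.firstname,
        "lastname": user.lastname,
        "email": user.email,
        "uuid": user.user_uuid,
        "user_id": user.id,
    }
    access_token = create_access_token(identity=identity, fresh=True)
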
In the configuration I specify the JWT secret key and the JWT algorithm:

    JWT_SECRET_KEY = "this-really-needs-to-be-changed"
    JWT_ALGORITHM = "HS256"

In Java I use the jjwt library (io.jsonwebtoken, jjwt, 0.9.0). To decode the JWT I do:

    Claims userJWT = Jwts.parser()
            .setSigningKey("this-really-needs-to-be-changed")
            .parseClaimsJws(token)
            .getBody();

But in Java I get an exception if I run this. I really don't understand what the problem is, because the algorithm and the token are the same.
I have been trying for hours now to figure out what the problem is, because it makes no sense to me.

Exception:

    : JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
    io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
        at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:354) ~[jjwt-0.9.0.jar!/:0.9.0]
        at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) ~[jjwt-0.9.0.jar!/:0.9.0]
        at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541) ~[jjwt-0.9.0.jar!/:0.9.0]

javax.xml.bind.DatatypeConverter is deprecated in Java 9. Check your Java version. – Intermediate
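
One cause consistent with this exception, shown as an added example (not code from the question or from either library): PyJWT, which flask_jwt_extended uses, keys HS256 with the UTF-8 bytes of the secret string, while jjwt 0.9.0's `setSigningKey(String)` Base64-decodes its argument. The lenient decoder below only approximates that decoding, and the claims are constructed.

```python
import base64
import hashlib
import hmac
import json

SECRET = "this-really-needs-to-be-changed"  # value from the question's config


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWS (header.payload.signature)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [json.dumps(p, separators=(",", ":")).encode() for p in (header, claims)]
    signing_input = ".".join(b64url(p) for p in parts)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"


def verify_hs256(token: str, key: bytes) -> bool:
    """Recompute the HMAC over header.payload and compare in constant time."""
    signing_input, _, signature = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(expected), signature)


def key_as_utf8(secret: str) -> bytes:
    """Key bytes when the secret string is used as text (the Python side)."""
    return secret.encode("utf-8")


def key_as_lenient_base64(secret: str) -> bytes:
    """Key bytes when the same string is Base64-decoded instead.
    Approximation: non-alphabet characters are dropped and padding is added."""
    alphabet = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/")
    kept = "".join(c for c in secret if c in alphabet)
    kept = kept[:-1] if len(kept) % 4 == 1 else kept
    return base64.b64decode(kept + "=" * (-len(kept) % 4))


# Constructed claims; the real token carries the identity dict from the question.
TOKEN = sign_hs256({"sub": "constructed-user", "fresh": True}, key_as_utf8(SECRET))
```

On the Java side, passing `secret.getBytes(StandardCharsets.UTF_8)` to the `setSigningKey(byte[])` overload, or giving `setSigningKey(String)` the Base64 encoding of the secret, makes both services key the HMAC with the same bytes.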