Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"invalid signature" when try to verify token created with java #749

Open
veronica-souza opened this issue Sep 30, 2020 · 2 comments
Open

Comments

@veronica-souza
Copy link

Description

We have a system that generate a token using java:

private String doGenerateToken(Map<String, Object> claims, String subject) throws UnsupportedEncodingException {
		return Jwts.builder()
				.setClaims(claims)
				.setSubject(subject)
				.setIssuedAt(new Date(System.currentTimeMillis()))
				.setExpiration(new Date(System.currentTimeMillis() + JWT_EXPIRATION * 1000))
				.signWith(SignatureAlgorithm.HS512, secret).compact();
	}

I'm trying to verify this token in a ExpressJS App but everytime it run give us an invalid signature. I've already trying use the secret with base64 or only string but nothing works.
The thing is if the java code is change to secret.getBytes("UTF-8") the validation works, but this is not something I can do, because others apps in another languages work just fine with the current token generate.

Can anybody give me a clue why is that or an workaround?

Reproduction

App run ins expressJs

function verifyJWT(req, res, next) {
    const token = req.query['auth'];

    if (!token) return res.status(401).send({ auth: false, message: 'No token provided.' });


    //encoding
    let secret64 = Buffer.from(secret, 'ascii').toString("base64");
 
    jwt.verify(token, secret, { algorithms: 'HS512' }, function (err, decoded) {
        if (err) {
            console.log(err);
            console.log("MESSAGE: " + err.message);
            return res.status(500).send({ auth: false, message: 'Failed to authenticate token.' });
        }


        // if ok save to request
        req.userId = decoded.id;
        next();
    });
}

app.get('/testjwt', verifyJWT, function (req, res) {
    res.send('IT WORKS')
});

Environment

  • nodeJS: v12.16.3;
    -express: 4.17.1
    -jsonwebtoken: 8.5.1
@ghost
Copy link

ghost commented Jun 28, 2021

same issue +1

@NguyenVanCong1902
Copy link

i tried #208 then works

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants