Use JWT token created by Python in Java

I have an interesting question. I am using Python with Flask for an authentication service that generates JWT tokens with flask_jwt_extended. This is how I generate tokens in Python, with Flask JWT Extended:

identity = {
    "firstname": user.firstname,
    "lastname": user.lastname,
    "email": user.email,
    "uuid": user.user_uuid,
    "user_id": user.id
}
access_token = create_access_token(identity=identity, fresh=True)

In the configuration, I specify the JWT secret key and the JWT algorithm:

JWT_SECRET_KEY = "this-really-needs-to-be-changed"
JWT_ALGORITHM = "HS256"

In Java, I use the jjwt library (io.jsonwebtoken, jjwt, 0.9.0) to decode the JWT, like this:

Claims userJWT = Jwts.parser()
                    .setSigningKey("this-really-needs-to-be-changed")
                    .parseClaimsJwt(token)
                    .getBody();

But in Java I get an exception when I run it. I really don't understand what the problem is, because the algorithm and the token are the same.

Since then I've been trying to find out what the problem is, because to me it doesn't make sense.

The exception:

  : JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.

io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
        at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:354) ~[jjwt-0.9.0.jar!/:0.9.0]
        at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) ~[jjwt-0.9.0.jar!/:0.9.0]
        at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541) ~[jjwt-0.9.0.jar!/:0.9.0]
+4
1 answer

, , java- base64. . DefaultJwtParser

public JwtParser setSigningKey(String base64EncodedKeyBytes) {

, :

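// needs java.util.Base64 and java.nio.charset.StandardCharsets
Claims userJWT = Jwts.parser()
                // setSigningKey(String) treats its argument as Base64 text: encode the secret's bytes
                .setSigningKey(Base64.getEncoder().encodeToString(
                        "this-really-needs-to-be-changed".getBytes(StandardCharsets.UTF_8)))
                // a signed token is a JWS, so parse it with parseClaimsJws
                .parseClaimsJws(token)
                .getBody();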
+2
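
The key mismatch behind this exception, as an added example that is not part of the original post or of either library: a standard-library HS256 signer and verifier showing that a token signed with the UTF-8 bytes of the secret fails verification when the verifier Base64-decodes that same string into key bytes, and passes once the string is Base64-encoded first. `lenient_b64decode` is a hypothetical stand-in for a decoder that skips non-Base64 characters (the exact bytes a given Java decoder produces may differ), and the claims are constructed.

```python
import base64, hashlib, hmac, json, re

SECRET = "this-really-needs-to-be-changed"  # JWT_SECRET_KEY from the question

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWS; `key` is the raw HMAC key."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(mac)}"

def verify_hs256(token: str, key: bytes) -> bool:
    """Pin the algorithm, recompute the HMAC, compare in constant time."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return False
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, b64url_decode(sig))
    except (ValueError, TypeError, AttributeError):
        return False

def lenient_b64decode(text: str) -> bytes:
    """Hypothetical stand-in for a decoder that skips non-Base64 characters."""
    cleaned = re.sub(r"[^A-Za-z0-9+/]", "", text)
    return base64.b64decode(cleaned + "=" * (-len(cleaned) % 4))

def key_variants() -> dict:
    raw = SECRET.encode("utf-8")  # bytes the Python signer feeds to HMAC
    return {
        "utf8_bytes": raw,
        "secret_treated_as_base64": lenient_b64decode(SECRET),
        "base64_encoded_then_decoded": base64.b64decode(base64.b64encode(raw)),
    }

def demo() -> dict:
    keys = key_variants()
    token = sign_hs256({"sub": "constructed-user"}, keys["utf8_bytes"])  # constructed claims
    return {name: verify_hs256(token, key) for name, key in keys.items()}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:30} verifies={ok}")
```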

Source: https://habr.com/ru/post/1695262/

