Issue: When using jwt.io to decode a jwt, I see an invalid signature
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2F1cm9yYWhvdXJzLmNvbS9pZGVudGl0eS1iYWNrZW5kIiwic3ViIjoidGVzdHVzZXIiLCJhdWQiOiJsb2dnaW5nLXNlcnZpY2UiLCJpYXQiOjE3NTQzNzA5NzgsImV4cCI6MTc1NDM3Mjc3OCwic2NvcGUiOiJvcGVuaWQifQ.r7msRU2qGTpCmxrS5WMHwEdLyySFOsSc65dd-Bg1WGw
Solution:
🔍 Why does this happen?
JWTs are signed using a secret key (in your case: dev-client-secret). Tools like jwt.io don’t know that secret unless you provide it — so they can’t verify the signature and mark it as valid.
Comments
Post a Comment