user3383325 user3383325 - 7 months ago 51
Java Question

Generated with Java JJWT signature fails at debugger

I am using the jjwt Java library for server side generation of jwt in on servlets, the code snipper below straight from the jjwt GitHub page generates and prints out this token.


String compactJws = Jwts.builder()
.signWith(SignatureAlgorithm.HS256, "secret")
PrintWriter out = response.getWriter();

However, when I try to verify this token on's debugger, it fails the signature check.
Both checking and unchecking secret base64 encoded didn't work

Am I using the library wrongly?


Try with secr and check the base64 option :)

It is due to .signWith(SignatureAlgorithm.HS256, "secret"). It is implemented by DefaultJwtBuilder class

public JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey) 

This method assumes that you are providing a key in base64 and secret is not base64. When the method decodes from base64 to byte[] the java converter used by jjwt provides a representation of the string secr which is different to the JavaScript decoder used at

You can test yourself with