user3383325 user3383325 - 1 year ago 114
Java Question

Generated with Java JJWT signature fails at debugger

I am using the jjwt Java library for server side generation of jwt in on servlets, the code snipper below straight from the jjwt GitHub page generates and prints out this token.


String compactJws = Jwts.builder()
.signWith(SignatureAlgorithm.HS256, "secret")
PrintWriter out = response.getWriter();

However, when I try to verify this token on's debugger, it fails the signature check.
Both checking and unchecking secret base64 encoded didn't work

Am I using the library wrongly?

Answer Source

Try with secr and check the base64 option :)

It is due to .signWith(SignatureAlgorithm.HS256, "secret"). It is implemented by DefaultJwtBuilder class

public JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey) 

This method assumes that you are providing a key in base64 and secret is not base64. When the method decodes from base64 to byte[] the java converter used by jjwt provides a representation of the string secr which is different to the JavaScript decoder used at

You can test yourself with

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download