I'm generating my JWT token using JJWT library. I generate my token as follows. I'm using dummy values as my secret key.
we can assume that jwt.security.key=security-key
@Value("${jwt.security.key}")
private String key;
@Value("${ws.issuer}")
private String issuer;
static final long ONE_MINUTE_IN_MILLIS=60000;
static final long TOKEN_DURATION_IN_MIN=30L;
private SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
@Override
public String issueToken(String userName) {
long nowMillis = System.currentTimeMillis();
long expMillis = nowMillis + (ONE_MINUTE_IN_MILLIS * TOKEN_DURATION_IN_MIN);
return Jwts
.builder()
.setId("01")
.setIssuedAt(new Date(nowMillis))
.setHeaderParam("typ","JWT")
.setSubject(userName)
.setIssuer(issuer)
.setExpiration(new Date(expMillis))
.signWith(signatureAlgorithm, key).compact();
}
Although the token can be successfully decoded. Everytime I verify it's signature from jwt.io debugger it always result's to an invalid signature. Which can be seen here.