How to create an RS256 JWT using JWT.IO website?

0
votes

I'm trying to create a demo/test RS256 JWT using JWT.IO website. Every time I try and create the JWT on that website it says the signature is invalid.

enter image description here

The signature PUBLIC KEY was auto-provided by the website

Is there some trick which I'm missing?

SIDE NOTE 1: I've blanked out the kid value because I wasn't sure if that was sensitive or not .. even though this is just some lame demo JWT for learning/experimenting with.

SIDE NOTE 2: I'm actually using Auth0 for my delegated authentication. I have a full RS256 token which Auth0 has given me ... and can be displayed in JWT.io ... but I'm trying to modify the exp value to something farther in the future and to do that, I need to create a new token using public/private.

1
jwtauth0
why Payload area is pink? something is wrong. - Alex
I know - i'm totally stumped. - Pure.Krome

1 Answers

0
votes

As the placeholder text for the second textbox says Private Key. Enter it in plain text only if you want to generate a new token. The key never leaves your browser., you will need to add a Private Key in the second textbox in order to edit the payload & regenerate the token.

If the token was generated by Auth0 then it uses your tenant private key which is automatically generated when you created that tenant. For security reasons you do not have access to that private key.

Update: If you are using your own private & public key pair to generate a token, you can create one using ssh-keygen. Make sure you have installed ssh-keygen for your OS and then go to command line/terminal prompt and type following

ssh-keygen -t rsa

Accept the defaults (file will be saved in /home/username/.ssh/ on Mac for eg.) and enter your pass phrase

Once that command finishes executing, you will get two files id-rsa and id-rsa.pub. The one without any extension is your private key and one with .pub is your public key. Use content of those two files on jwt.io to create a token.