Java – JWT signature does not match local computed signature

I'm using this

JwtBuilder builder = Jwts.builder()
        .setId(user.getEmail())
        .signWith(signatureAlgorithm, signingKey);

to create a token, then

Jwts.parser().setSigningKey(secret).parse(token);

to authenticate. When I run it in a JUnit test, it works normally. However, when I verify the token passed as a header through a REST call, the authentication fails due to a SignatureException. I have verified the tokens at both ends of the HTTP call, and the token string is the same. The creation/authentication code is static, so the secret on each side is the same. Any clue?

Solution

static Key secret = MacProvider.generateKey();

A new random key is generated each time the server is reloaded, because static variables are initialized when the class is loaded.

This means that if you issue a JWT, it will only work if the server does not restart. The SignatureException you get is because the signature keys are different.

You need to store the signature key, secret.getEncoded(), after the first generation and load it when the module starts.
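
The store-once, load-at-startup approach from the answer, as an added example (not code from the original post) that uses only the JDK. The class name, key file path and signing input are hypothetical; the SecretKey returned by loadOrCreate is a java.security.Key and can be used where the question passes signingKey and secret.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class PersistentSigningKey {
    private static final String ALG = "HmacSHA512"; // JCA name of the HS512 MAC
    private static final int KEY_BYTES = 64;

    static byte[] randomKeyBytes() {
        byte[] b = new byte[KEY_BYTES];
        new SecureRandom().nextBytes(b);
        return b;
    }

    // Generate the key only when no key file exists; otherwise reuse the stored bytes.
    static SecretKey loadOrCreate(Path keyFile) throws IOException {
        if (Files.notExists(keyFile)) {
            Path dir = keyFile.toAbsolutePath().getParent();
            // Temp file first, then rename, so a crash never leaves a half-written key.
            Path tmp = Files.createTempFile(dir, "jwtkey", ".tmp");
            Files.write(tmp, randomKeyBytes());
            Files.move(tmp, keyFile, StandardCopyOption.ATOMIC_MOVE);
        }
        byte[] raw = Files.readAllBytes(keyFile);
        if (raw.length != KEY_BYTES) {
            throw new IOException("unexpected key length " + raw.length + " in " + keyFile);
        }
        return new SecretKeySpec(raw, ALG);
    }

    static byte[] sign(SecretKey key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(key);
        return mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        Path keyFile = Files.createTempDirectory("jwt-demo").resolve("hs512.key"); // constructed path
        String input = "header.payload"; // constructed stand-in for a JWT signing input
        byte[] boot1 = sign(loadOrCreate(keyFile), input); // first start: key is created
        byte[] boot2 = sign(loadOrCreate(keyFile), input); // "restart": key is loaded
        byte[] regenerated = sign(new SecretKeySpec(randomKeyBytes(), ALG), input);
        System.out.println("persisted key, same signature:   " + MessageDigest.isEqual(boot1, boot2));
        System.out.println("regenerated key, same signature: " + MessageDigest.isEqual(boot1, regenerated));
    }
}
```

The key file holds the raw HMAC secret, so it should be readable only by the account the service runs as and kept out of source control.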
