6

I have an interesting question. I use Python with Flask for an authentication service, which generates JWT tokens with flask_jwt_extended. That's how I generate the tokens in Python, with Flask JWT Extended:

identity = {
    "firstname": user.firstname,
    "lastname": user.lastname,
    "email": user.email,
    "uuid": user.user_uuid,
    "user_id": user.id,
}
access_token = create_access_token(identity=identity, fresh=True)

In the configuration I specify the JWT secret key and the JWT algorithm:

JWT_SECRET_KEY = "this-really-needs-to-be-changed"
JWT_ALGORITHM = "HS256"

In Java I use the jjwt library (io.jsonwebtoken, jjwt, 0.9.0). To decode the JWT I do:

Claims userJWT = Jwts.parser()
                    .setSigningKey("this-really-needs-to-be-changed")
                    .parseClaimsJwt(token)
                    .getBody();

But in Java I get an exception if I run this. I really don't understand what the problem is, because the algorithm and the token are the same.

I have been trying for hours to figure out what the problem is, because it makes no sense to me.

exception:

  : JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.

io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
        at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:354) ~[jjwt-0.9.0.jar!/:0.9.0]
        at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) ~[jjwt-0.9.0.jar!/:0.9.0]
        at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541) ~[jjwt-0.9.0.jar!/:0.9.0]
ghovat

1 Answer

2

Probably it is an encoding issue with the keys, because your Java library requires a Base64-encoded key. See DefaultJwtParser:

public JwtParser setSigningKey(String base64EncodedKeyBytes) {

Please try this:

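// requires: java.util.Base64, java.nio.charset.StandardCharsets
Claims userJWT = Jwts.parser()
                .setSigningKey(Base64.getEncoder().encodeToString(
                        "this-really-needs-to-be-changed".getBytes(StandardCharsets.UTF_8)))
                .parseClaimsJws(token) // the token is signed, so parse it as a JWS
                .getBody();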
pedrofb
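The key mismatch discussed in this question and answer, as an added example that is not part of the original posts: an HS256 token signed with the secret's UTF-8 bytes fails verification when the verifier Base64-decodes the same string into key bytes, and passes once the verifier is given the Base64 encoding of the secret. It uses only the Python standard library; the claim value is constructed, and both the UTF-8 issuer key and the lenient Base64 decode are assumptions standing in for the two libraries' behaviour.

```python
import base64, hashlib, hmac, json, re

SECRET = "this-really-needs-to-be-changed"  # secret string from the page

def b64url(data: bytes) -> str:
    """Base64url without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT signed with the given key bytes."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_hs256(token: str, key: bytes) -> bool:
    """Recompute the HMAC over header.payload and compare in constant time."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(expected).encode(), sig.encode())

def key_from_utf8(secret: str) -> bytes:
    """Assumed issuer behaviour: the secret's UTF-8 bytes are the HMAC key."""
    return secret.encode("utf-8")

def key_from_base64_text(text: str) -> bytes:
    """Verifier that expects Base64 text and decodes it into key bytes.
    Assumption: characters outside the Base64 alphabet are skipped."""
    cleaned = re.sub(r"[^A-Za-z0-9+/]", "", text)
    return base64.b64decode(cleaned + "=" * (-len(cleaned) % 4))

def demo() -> dict:
    # Constructed claim; the issuer signs with the raw secret bytes.
    token = sign_hs256({"sub": "constructed-user"}, key_from_utf8(SECRET))
    encoded_secret = base64.b64encode(SECRET.encode("utf-8")).decode("ascii")
    return {
        # Same key bytes on both sides: signature matches.
        "same_bytes": verify_hs256(token, key_from_utf8(SECRET)),
        # Plain secret handed to a Base64-expecting verifier: different key bytes.
        "secret_read_as_base64": verify_hs256(token, key_from_base64_text(SECRET)),
        # Base64 of the secret handed to that verifier: decodes back to the same key.
        "base64_of_secret": verify_hs256(token, key_from_base64_text(encoded_secret)),
    }

if __name__ == "__main__":
    print(demo())
```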