I have tried to implement JWT authentication to an API. I am following the tutorials. So far I can get the token, but when I checked the token in https://jwt.io/, I am getting an invalid signature.

Here is the code that I used.

Program.cs:

    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
    {
        options.RequireHttpsMetadata = false;
        options.SaveToken = true;
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidIssuer = builder.Configuration["Jwt:Issuer"],
            ValidateAudience = true,
            ValidAudience = builder.Configuration["Jwt:Audience"],
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
                builder.Configuration["Jwt:Key"]))
        };
    });

appsettings.json:

    "Jwt": {
        "Key": "lectureTest123456",
        "Issuer": "https://localhost:44387",
        "Audience": "https://localhost:44387",
        "Subject": "JWTServiceAccessToken"
    },

And in the class that generates the token:

    private string GetToken()
    {
        var claims = new[]
        {
            new Claim(JwtRegisteredClaimNames.Sub, _configuration["Jwt:Subject"]),                
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            new Claim(JwtRegisteredClaimNames.Iat, "1516239022"),
            new Claim("userId" , "1"),
            new Claim("name", "Jason"),
            new Claim("userName", "Jason"),
            new Claim("email", "jason@gmail.com")
        };

        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("lectureTest123456"));
        var singIn = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
        var token = new JwtSecurityToken(
                _configuration["Jwt: Issuer"],
                _configuration["Jwt:Audience"],
                claims,
                expires: DateTime.UtcNow.AddHours(1),
                signingCredentials: singIn
                );

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

What seems to be the issue?

I am expecting that the JWT token is a valid one.

  • Most probably you didn't paste your key on jwt.io, and without a key, the token can't be verified. So I guess there's no real problem aside from that. Please read [my answer here](https://stackoverflow.com/questions/69862105/jwt-io-says-signature-verified-even-when-key-is-not-provided/69862239#69862239) to see how to use jwt.io correctly. – jps Apr 19 '23 at 15:10
  • All of them seem right. I checked how I generate the JWT token in my code. My code is the same as your code. Maybe you should test your code another way. – ismail ERDEN Apr 26 '23 at 14:01

1 Answer

Note: when you add "secret base64 encoded" in jwt.io, you need to keep it the same as your key in your GetToken().

Besides, I tested your code and found something you need to know to avoid the next 401 error. Try to modify your code as below:

  1. Remove the space before Issuer:

     Change _configuration["Jwt: Issuer"] into _configuration["Jwt:Issuer"],

  2. Keep it the same as your JWT key in appsettings.json:

         var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("lectureTest12345"));

     It needs to be:

         var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("lectureTest123456"));

     or:

         var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JWT:Key"]));

Qing Guo
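
The comment and the answer above both come down to which key bytes the verifier uses. As an added example (not code from the question or the answer), this console program redoes the HS256 check by hand using only System.Security.Cryptography: it signs a constructed token with the question's key and checks it against three candidate secrets, and only the byte-identical key verifies. The class name Hs256Check, the sample header and payload, and the placeholder secret are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class Hs256Check
{
    // base64url without padding, the encoding of all three JWT segments (RFC 7515).
    static string B64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static byte[] Sign(string signingInput, byte[] key)
    {
        using var hmac = new HMACSHA256(key);
        return hmac.ComputeHash(Encoding.ASCII.GetBytes(signingInput));
    }

    // True when the third segment equals HMAC-SHA256(key, "header.payload").
    static bool Verify(string jwt, byte[] key)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) return false;
        var expected = Sign(parts[0] + "." + parts[1], key);
        return CryptographicOperations.FixedTimeEquals(expected, FromB64Url(parts[2]));
    }

    static void Main()
    {
        // Constructed token: sample header/payload, signed with the key GetToken() uses.
        var key = Encoding.UTF8.GetBytes("lectureTest123456");
        var input = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}")) + "." +
                    B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"JWTServiceAccessToken\",\"userId\":\"1\"}"));
        var jwt = input + "." + B64Url(Sign(input, key));

        // Same key as the signer; the answer's one-character-short key; a constructed placeholder.
        Console.WriteLine($"same key:        {Verify(jwt, key)}");
        Console.WriteLine($"short key:       {Verify(jwt, Encoding.UTF8.GetBytes("lectureTest12345"))}");
        Console.WriteLine($"placeholder key: {Verify(jwt, Encoding.UTF8.GetBytes("placeholder-secret"))}");
    }
}
```

The header and payload decode without any key, which is why a token can look fine in a debugger while its signature is still reported as invalid until the exact secret is supplied.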