Error while calling API with JWT Token - JWSError JWSInvalidSignature

[mohsinchoudhary]

Hi Everyone,

I am facing the issue where we are unable to call the API using JWT token.
We are able to generate JWT token but when we pass the token as bearer token it shows error "JWSError JWSInvalidSignature".
I have verified the JWT token manually and it shows correct payload. Appreciate any suggestion if anyone had encountered this error. I have gone through other post on similar error but seems the issue is different.

[wolfgangwalther]

Is your jwt-secret at least 32 characters long?

Have you set jwt-secret-is-base64 correctly, according to whether you pass the jwt-secret as base64 or not?

[mohsinchoudhary]

Hi @wolfgangwalther , Yes it 32 bit long as plain text using Environment configuration. We are using plain text for jwt-secret which is not using base64.
I have also tried by setting secret with PGRST_JWT_SECRET_IS_BASE64=true and it still give same error.

[wolfgangwalther]

Of course, if you are using a plain text secret, which is not base64, you should not set .._is_base64=true.

I have verified the JWT token manually and it shows correct payload.

Have you verified the token's signature, too? You can do that for example on jwt.io. Paste the token and the secret in the appropriate place, then it will tell you whether the signature matches.

[mohsinchoudhary]

Hi @wolfgangwalther Sorry for not being clear, i have not set .._is_base64=true. when i was using plain jwt secret.
I have changed the jwt secret to exact 32 character in postgrest and sql script and now i no longer encounter this error. I will keep you updated if the error reoccurs.