Generated JWT token is mentioned below. In jwt.io website says "invalid signature" :
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwiVFRJRCI6IjEyMzQ1NiIsImV4cCI6MTY4Nzc2Mzg3MiwiaXNzIjoic2FtcGxlIiwiYXVkIjoic2FtcGxlIn0.SUHPiDut67KM6LcbzYEF2CCMKiQlB5JMdiqqgIurJHg"
JWT token generation method
private static string generateJwtToken(string username, string password, string TTid)
{
System.Net.ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) = { return true; };
User user = new User();
user.Username = username;
user.Password = password;
user.TTID = '123456';
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes("sample2023TTTTASASA");
var securityKey = new SymmetricSecurityKey(key);
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var secToken = new JwtSecurityToken(
signingCredentials: credentials,
issuer: "sample",
audience: "sample",
claims: new Claim[] { new Claim("userName", user.Username.ToString()), new Claim("TTID", '123456'), },
expires: DateTime.UtcNow.AddDays(1));
var handler = new JwtSecurityTokenHandler();
return handler.WriteToken(secToken);
}
I think your token is OK. You just need to specify the key you used to sign the token with in the jwt.io page in the 'your-256-bit-secret' input box in 'Verify signature' part. So put 'sample2023TTTTASASA', it works.
Reason:
JWT token's signature is generated as a combination of header + payload + signing key.
Header is the first part of the token to first dot, in this case 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'.
Payload is the second part - the part between dots eyJ1c2VyTmFtZSI6ImFkbWluIiwiVFRJRCI6IjEyMzQ1NiIsImV4cCI6MTY4Nzc2Mzg3MiwiaXNzIjoic2FtcGxlIiwiYXVkIjoic2FtcGxlIn0. This part contains the actual claims.
Third part is the signature and it is generated with use of a specific algorithm, e.g. HMAC SHA256 with a signing key, in this case 'sample2023TTTTASASA' and this you need to specify on the page.