jwt-auth: Token invalid | Token Signature could not be verified.

I’m getting pretty tired of this error… Stuck for 2 days now.

I do receive a token on valid credentials, but my token stays invalid, no matter if I pass it through url parameter (?token=[token]) or as Auth header (Bearer: [token]). Anyone still experiencing this? I followed everything in the tutorial. Also configured both .htaccess in my public folder, and in my apache configuration.

  Route::get('/test', function () {
    return JWTAuth::parseToken()->authenticate();
  });

Going to this route returns

TokenInvalidException in NamshiAdapter.php line 71:
Token Signature could not be verified.

For lookups, here is my authentication method from my AuthController.php

  public function authenticate(Request $request) {
    $credentials = $request->only('email', 'password');

    $user = User::where('email', Input::get('email'))->first();

    try {
      if (!$token = JWTAuth::attempt($credentials)) {
        return $this->respondUnauthorized();
      }
    } catch (JWTException $e) {
        return $this->respondInternalError('Could not create token!');
    }
    // dd()
    return $this->respond([
      'token' => compact('token'),
      'user' => $user]);
  }

My routes middleware group: Route::group(['middleware' => ['jwt.auth', 'jwt.refresh']], function() {

There must be something wrong? Is this just a minor bug or am I missing something?

About this issue

  • Original URL
  • State: open
  • Created 8 years ago
  • Reactions: 8
  • Comments: 19 (1 by maintainers)

Most upvoted comments

I had been experiencing this issue as well, however I discovered the issue is having a colon : after bearer is actually not supported. Remove that from your Authorization header and you should be good to go.

+11
MitchellMcKenna on Jan 16, 2017

“setting the api secret in jwt.php”

in fact on config/jwt.php, there is the line’secret’ => env(‘JWT_SECRET’),

Generate the key with this helper php artisan jwt:generate (for some reason I dont know why it doesnt set in the .env file itself like php artisan key:generate). Copy the key (jwt-auth secret [DSvO98YtJ0204mBu9zqWN9QOMX7Tmvr9] set successfully.) without the bracket and add it in .env file like JWT_SECRET=DSvO98YtJ0204mBu9zqWN9QOMX7Tmvr9 or you can change it straigth in jwt.php secret' => env('DSvO98YtJ0204mBu9zqWN9QOMX7Tmvr9')

remember to have your .env file in your project if you dont have do php -r "copy('.env.example', '.env');" and php artisan key:generate

+6
NaPsTeRScofielD on Mar 18, 2017

+1

+6
anilskalyane on Nov 28, 2016

I solve this issue running

php artisan jwt:secret

+5
casivaagustin-zz on Nov 22, 2017

Hey all… for some reason this started working when I changed my auth header to be bearer TOKEN ie:

key: Authorization value: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIU......Vlqb0AjEds

Previously I used bearer{djjdnskaF93jasdf.....FDSaM} - using the brackets { } - which was throwing this error.

My composer.json:

"require": {
        "php": ">=5.6.4",
        "doctrine/dbal": "^2.5",
        "facebook/graph-sdk": "^5.4",
        "folklore/graphql": "~1.0.0",
        "guzzlehttp/guzzle": "^6.3",
        "laravel/framework": "5.4.*",
        "laravel/tinker": "~1.0",
        "predis/predis": "^1.1",
        "tymon/jwt-auth": "0.5.*",
        "webpatser/laravel-uuid": "^2.0"
    },
    "require-dev": {
        "fzaninotto/faker": "~1.4",
        "mockery/mockery": "0.9.*",
        "phpunit/phpunit": "~5.7"
    },
+4
elliottjro on Jul 31, 2017

Thanks so much. Removing the brackets ‘{}’ worked.

+2
jameybay on Jul 31, 2017

Here same issue: i get randomly Token Signature could not be verified. (but token validation performed with jwt debugger are correct). Here the stack:

Tymon\JWTAuth\Exceptions\TokenInvalidException Token Signature could not be verified. 
    vendor/tymon/jwt-auth/src/Providers/JWT/NamshiAdapter.php:71 Tymon\JWTAuth\Providers\JWT\NamshiAdapter::decode
    vendor/tymon/jwt-auth/src/JWTManager.php:79 Tymon\JWTAuth\JWTManager::decode
    vendor/tymon/jwt-auth/src/JWTAuth.php:190 Tymon\JWTAuth\JWTAuth::getPayload
    vendor/tymon/jwt-auth/src/JWTAuth.php:124 Tymon\JWTAuth\JWTAuth::authenticate
    app/Providers/RouteServiceProvider.php:36 App\Providers\RouteServiceProvider::boot
    [internal] call_user_func_array
    bootstrap/cache/compiled.php:1257 Illuminate\Container\Container::call
    bootstrap/cache/compiled.php:1899 Illuminate\Foundation\Application::bootProvider
    bootstrap/cache/compiled.php:1891 Illuminate\Foundation\Application::Illuminate\Foundation\{closure}
    [internal] array_walk
    bootstrap/cache/compiled.php:1892 Illuminate\Foundation\Application::boot
    bootstrap/cache/compiled.php:2231 Illuminate\Foundation\Bootstrap\BootProviders::bootstrap
    bootstrap/cache/compiled.php:1666 Illuminate\Foundation\Application::bootstrapWith
    bootstrap/cache/compiled.php:2412 Illuminate\Foundation\Http\Kernel::bootstrap
    bootstrap/cache/compiled.php:2365 Illuminate\Foundation\Http\Kernel::sendRequestThroughRouter
    bootstrap/cache/compiled.php:2350 Illuminate\Foundation\Http\Kernel::handle
    public/index.php:53 [main]

A pretty old project, i know…

"laravel/framework": "5.2.*",
"tymon/jwt-auth": "0.5.*",
+1
emacaste on Feb 3, 2023

I noticed vendor\tymon\jwt-auth\src\Providers\JWT\Namshi.php decode function takes in my token as: “: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiTGF1cmkgRWxpYXMiLCJleHAiOjE0ODE4ODE0NjV9.PgENjq9vuTeijRrPIXIyc1ioFE1DoEzPikMZlZYsO7eJepRqj5SN354glSjqi2ozaYC2HQ1m2egi_WxH3tFifqefwhAeBAiHOuOTGQ9ZpDOUKWlM-ld8P4m3h0qEwg5hFPJ03r7lmjBKzxfU7rWPaeL3cmEOlfX4OWGRXAdUvcs” (notice the colon and space)

If I add a rather blunt workaround:

        if ($token[0] == ':' && $token[1] == ' ') {
            $token = substr($token, 2);
        }

My tests go green.

+1
Lauriy on Dec 6, 2016
Read more comments on GitHub
← jwt-auth: The GET method is not supported for this route. Supported methods: POST - Laravel 5.8
jwt-auth: Token Invalid Error →