I use jsonwebtoken to sign a token on the client side:
import jsonwebtoken from 'jsonwebtoken';
const { sign } = jsonwebtoken;
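/**
 * Builds a signed JWT that carries a fixed payload and expires five seconds
 * after it is issued.
 *
 * Security notes for reviewers:
 * - Vite inlines every `VITE_`-prefixed variable into the client bundle, so the
 *   signing secret read here is visible to anyone who loads the application.
 *   A token signed with it proves nothing to the server; issue tokens on the
 *   server (or use an asymmetric key whose private half never leaves it).
 * - The secret is no longer written to the console: logging it exposes it in
 *   devtools, screenshots and any collected browser logs.
 * - NOTE(review): a string secret is used by jsonwebtoken as the raw bytes of
 *   that string, while the validator shown on this page Base64-decodes the
 *   same value before using it as the key. Those are different key bytes, so
 *   the signatures cannot match until both sides agree on one encoding.
 *
 * @returns {string} The compact, signed JWT.
 */
export const generateToken = () => {
  const payload = { message: 'Hello' };
  const secret = import.meta.env.VITE_JWT_SECRET;
  const options = { expiresIn: '5s' };
  return sign(payload, secret, options);
};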
and I use it like this:
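// Shared axios instance for calls to the backend proxy.
export const AxiosBackend = axios.create({
  baseURL: import.meta.env.VITE_BASE_URL_PROXY,
  headers: {
    "Content-Type": "application/json",
  },
});

// The token expires five seconds after it is signed. Putting it in the default
// headers would sign it once, when this module loads, and every later request
// would carry an expired token. Sign a fresh one for each outgoing request.
AxiosBackend.interceptors.request.use((config) => {
  config.headers["Token"] = generateToken();
  return config;
});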
This is the server-side code that validates it:
@Service
public class SecurityService {
/**
 * Checks that a signed JWT verifies against the given secret and has not expired.
 *
 * @param token  the compact JWT string to verify
 * @param secret the signing secret, which this method decodes from Base64
 * @return {@code true} when the token parses, its signature verifies and its
 *         expiration is not before the current time; {@code false} when any
 *         {@link RuntimeException} is raised along the way
 */
public boolean validateToken(String token, String secret) {
    try {
        // NOTE(review): the key is the Base64-DECODED secret. The client snippet on
        // this page passes the secret string straight to jsonwebtoken's sign(), which
        // keys the HMAC with the string's own bytes. The two sides therefore use
        // different key bytes; confirm which encoding is intended and apply it on both.
        final byte[] keyMaterial = Base64.getDecoder().decode(secret);

        final Claims body = Jwts.parserBuilder()
                .setSigningKey(keyMaterial)
                .build()
                .parseClaimsJws(token)
                .getBody();

        final Date expiry = body.getExpiration();
        if (expiry.before(new Date())) {
            return false;
        }
        return true;
    } catch (RuntimeException failure) {
        // Any parse, signature or decoding failure is reported and treated as invalid.
        System.err.println(failure.getMessage());
        return false;
    }
}
But I always get this error:
JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
I'm sure the signature matches between the client and the server. The cause seems to be the different libraries, but I don't know how to solve it.