What causes "JsonWebTokenError: invalid signature"?

Wrong secret key used to verify the token The token was signed with RS256 but verified with HS256 (or vice versa) The token was manually edited or corrupted after signing Different environments use different JWT secrets The public key used for verification doesn't match the private key used for signing

JWT Error2 Fixes Available

JsonWebTokenError: invalid signature

JsonWebTokenError: invalid signature

What does this error mean?

This error means the JWT's signature does not match. Either the token was tampered with, the wrong secret/key was used to verify it, or the token was signed with a different algorithm than expected.

Common Causes

Wrong secret key used to verify the token
The token was signed with RS256 but verified with HS256 (or vice versa)
The token was manually edited or corrupted after signing
Different environments use different JWT secrets
The public key used for verification doesn't match the private key used for signing

How to Fix It (2 Solutions)

Decode the header to check the algorithm

Use our JWT Decoder to inspect the 'alg' field in the header and ensure your verification matches.

Verify the secret matches

Ensure the JWT_SECRET environment variable is identical in both the signing and verifying services.

Code

// Signing
const token = jwt.sign(payload, process.env.JWT_SECRET);

// Verifying — must use the SAME secret
jwt.verify(token, process.env.JWT_SECRET);

Fix this error faster with our free tool

JWT Decoder

Open JWT Decoder

Related Errors

JWT

JsonWebTokenError: jwt expired

View fix

Browse all error fixes