Invalid signature attempting to verify token Node.JS

Extensions
1

Unsure if my secret is the problem, or my token. I’m currently grabbing the token like so:

var JWT;
window.Twitch.ext.onAuthorized(
    function(auth){
        JWT = auth.token;
    }
);

When passed to my backend, I have code like so

const secret = '.....';
// ....
// verify token with secret
jwt.verify(req.body.token, secret, function(err, decoded) {
    console.log(err);
});

But when attempting to verify this, I get

boilerplatebackend_1 | at /boilerplate/backend/node_modules/body-parser/lib/read.js:130:5 name: 'JsonWebTokenError', message: 'invalid signature' }

Does anyone know what I could be doing wrong? Much appreciated if so!

P.S. I am using the ‘jsonwebtoken’ library for Node.JS

2

I found the solution :slight_smile:

My issue was that I needed to wrap the secret in a buffer. For those ever encountering this issue, make sure you use:

var secret = new Buffer('yoursecret', 'base64');
3

There is a neat node package out there that handles stuff like that for you -> https://www.npmjs.com/package/twitchext-helper

Quick Example:

const custom_options = {
    "jwt_secret": {
        "encoded": true, //default is to assume base64, will decode for you
        "expires": 1503343947, //for signing jwts
        "enabled": true, //enable below options
        "method":"path",//path to file that holds jwt_secret
        "location": "../../config/variables" //file with jwt_secret variable
      },
    "client_id": "some client id",
    "client_secret": "some client secret"
}


const twitchext = require('twitchext-helper')(custom_options);

//Custom configuration
twitchext.verify(signedToken, function(err, decoded){
    if(err){throw err;}
    console.log(decoded);
});
 
//Default configuration
twitchext.verify(signedToken, "some secret here", function(err, decoded){
    if(err){throw err;}
    console.log(decoded);
});

You can set that jwt_secret encoded option to true and it will always decode for you when using twitch-helper functions through out the rest of your code. Package is still in early stages but is working good so far