Invalid signature attempting to verify token Node.JS

Unsure if my secret is the problem, or my token. I’m currently grabbing the token like so:

var JWT;
        JWT = auth.token;

When passed to my backend, I have code like so

const secret = '.....';
// ....
// verify token with secret
jwt.verify(req.body.token, secret, function(err, decoded) {

But when attempting to verify this, I get

boilerplatebackend_1 | at /boilerplate/backend/node_modules/body-parser/lib/read.js:130:5 name: 'JsonWebTokenError', message: 'invalid signature' }

Does anyone know what I could be doing wrong? Much appreciated if so!

P.S. I am using the ‘jsonwebtoken’ library for Node.JS

I found the solution :slight_smile:

My issue was that I needed to wrap the secret in a buffer. For those ever encountering this issue, make sure you use:

var secret = new Buffer('yoursecret', 'base64');

There is a neat node package out there that handles stuff like that for you ->

Quick Example:

const custom_options = {
    "jwt_secret": {
        "encoded": true, //default is to assume base64, will decode for you
        "expires": 1503343947, //for signing jwts
        "enabled": true, //enable below options
        "method":"path",//path to file that holds jwt_secret
        "location": "../../config/variables" //file with jwt_secret variable
    "client_id": "some client id",
    "client_secret": "some client secret"

const twitchext = require('twitchext-helper')(custom_options);

//Custom configuration
twitchext.verify(signedToken, function(err, decoded){
    if(err){throw err;}
//Default configuration
twitchext.verify(signedToken, "some secret here", function(err, decoded){
    if(err){throw err;}

You can set that jwt_secret encoded option to true and it will always decode for you when using twitch-helper functions through out the rest of your code. Package is still in early stages but is working good so far