Does anyone know why the JWS signatures created by golang.org/x/oauth2/jws are displayed as "invalid signature" on jwt.io? As far as I'm concerned it seems compliant with the JWS creation specs [0], but it looks like jwt.io is expecting a public key or "jwk string" as well?
Below is an example of a signature that appears as "invalid" on jwt.io [1] and the code [2].

[0] https://openid.net/specs/draft-jones-json-web-signature-04.html#anchor5
[1] eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vZ29vZ2xlLmNvbS8iLCJhdWQiOiIiLCJleHAiOjM2MTAsImlhdCI6MTB9.iIT1HnaZbpbN80TUunM_FAPgerBD4LilNZIX-M55tzRqgE8nDC57inkQF0KcVyLk4Y55WOtBlSj045u35twKkHokEGjSpSSQT31Rcf6ugxqYMKnqIvw9quzwaPJA_RmiudJVuCe_zyVka008M7fZfblwcaTWr1AXZ3iUrwOZnnP9Hli0merjPicVhNIG7SbZTyGFh6P9NUiX0y54iqsV_3yXQZep_UGJYuLR7v1hRRr1tphEiNUt4lBtcp_7nraLnUDTyMraZ8WpTwvn57GAQ4ShzxotEkR3z_5zDxsHRirJcLSBWZ-SNHl3XYXhGV48ePiMJlZ-PR6OQfJ35f-WiQ
[2] https://go.dev/play/p/7fr-CxOIVvd

package main

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"

	jws "golang.org/x/oauth2/jws"
)

func main() {
	header := &jws.Header{
		Algorithm: "RS256",
		Typ:       "JWT",
	}
	payload := &jws.ClaimSet{
		Iss: "http://google.com/",
		Aud: "",
		Exp: 3610,
		Iat: 10,
	}
	// A new RSA key pair is generated on every run.
	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Sign the header and claim set with the private key.
	token, err := jws.Encode(header, payload, privateKey)
	if err != nil {
		panic(err)
	}
	// Only the token is printed.
	fmt.Println(token)
}
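An RS256 signature can only be checked against the public half of the key that produced it, and the program in the post prints the token but not that key. The following is an added example, not part of the original post and not code from golang.org/x/oauth2: it signs the post's header and claims using only the Go standard library (instead of jws.Encode), exports the public key as PEM, and verifies the token with the signer's key and with an unrelated key. The function names signRS256, verifyRS256 and demo are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"strings"
)

// signRS256 builds a compact JWS: base64url(header).base64url(payload).base64url(signature).
func signRS256(headerJSON, payloadJSON string, key *rsa.PrivateKey) (string, error) {
	enc := base64.RawURLEncoding
	input := enc.EncodeToString([]byte(headerJSON)) + "." + enc.EncodeToString([]byte(payloadJSON))
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + enc.EncodeToString(sig), err
}

// verifyRS256 checks the signature over "header.payload" against one specific public key.
func verifyRS256(token string, pub *rsa.PublicKey) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("compact JWS needs 3 parts, got %d", len(parts))
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

// demo uses two constructed throwaway keys; key-generation errors are ignored for brevity.
func demo() (token, pubPEM string, withSigner, withOther error) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	token, _ = signRS256(`{"alg":"RS256","typ":"JWT"}`, `{"iss":"http://google.com/","aud":"","exp":3610,"iat":10}`, key)
	der, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	pubPEM = string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
	return token, pubPEM, verifyRS256(token, &key.PublicKey), verifyRS256(token, &other.PublicKey)
}

func main() {
	fmt.Println(demo())
}
```

The PEM block printed next to the token is the value an external verifier needs alongside the token itself.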