Error:Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256

Hi All,

I am using the below java code to generate JWT Token:-

    Map<String,Object> header = new HashMap<>();
	header.put(“alg”,“HS256”);
	header.put(“type”,“JWT”);
	
	 String headerEncode = Base64.getUrlEncoder().encodeToString(header.toString().getBytes());
	    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
	    //SignatureAlgorithm.
	    //This is the secret
	    SecretKey key = Keys.hmacShaKeyFor("<API_SECRET>".getBytes(StandardCharsets.UTF_8));
	    //This is the key
	    String jwt = Jwts.builder().setHeader(header).setIssuer("<API_KEY>").
	            setExpiration(new Date(new Date().getTime()+80000000)).signWith(key,signatureAlgorithm).compact();
	    //System.out.println(headerEncode);
	    System.out.println(jwt);

I am getting the below error message when I am providing the token returned above to postman /v2/users endpoint:-

{
“code”: 124,

“message”: “The Token’s Signature resulted invalid when verified using the Algorithm: HmacSHA256”

}

The behaviour is same when I am generating the token provided to me by jwt.io as well. This was working a week earlier without any issues.
Please let me know what is wrong here? Any help would be greatly appreciated.

Hey @dipankar86,

Thank you for reaching out to the Zoom Developer Forum. I’m not familiar with using this signing flow with Java but I’m thinking that using io.jsonwebtoken.security.Keys.hmacShaKeyFor creates a key with the wrong bit-depth. Please use the Java method outlined in our Generate a Signature documentation to see if that resolves your issues.

This also seems like an issue that would bets fit our #client-web-sdk category so I’ll move it over there. I hope that helps! Let me know if you have any questions.

Thanks,
Max