Hi,

preface: i dont have APM available for this specific issue.

I get a JWT sent in the Auth header, and i can just parse it fine from within an irule. the part that i just cannot get to work is to verify the signature.

It always fails, no matter what i try and if i try to do a CRYPTO::sign with the same data/alg/key, i always get different results from i.e. jwt.io.

log local0.debug [b64encode [CRYPTO::sign -alg hmac-sha512 -key "test1234" "{\"alg\":\"HS512\",\"typ\": \"JWT\"}.{\"sub\":\"indy\",\"iat\":1609754374,\"exp\":1609754434}"]]

this gives a completely different result than on jwt.io (apart from the signature on jwt.io being b64url-encoded).

Any idea why?

Thanks,

Rene