JAVA JWT token is not working- "invalid signature "

Hi Team,
I have enabled jtw token in Prosody for authentication, when I am generating manually jwt token from authentication is working fine and also I can join the meeting. But same i was trying to generate using java , but the generated token is not working. Here I attached my java code to generate jwt token.
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);

	  byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(jwtSecret);
	    Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
	    Map<String, Object> headerClaims = new HashMap<String,Object>();
		headerClaims.put("kid", app_id);//"kid"
	//Let's set the JWT Claims
    JwtBuilder builder = Jwts.builder()
    		.claim("iss", app_id)
            .claim("aud", "jitsi")
            .claim("sub", "")
            .claim("room", "jagan")
            .signWith(signatureAlgorithm, signingKey);

Error in prosody:
Jun 21 12:56:34 bosh0c27cc68-acc7-4181-a7e2-e503b943881c info BOSH client disconnected: session close
Jun 21 13:11:07 warn Session filters applied
Jun 21 13:11:07 mod_bosh info New BOSH session, assigned it sid 'b5e44ffe-f2f6-4f42-8f95-a129ca4ce562’
Jun 21 13:11:07 general warn Error verifying token err:not-allowed, reason:Invalid signature
Jun 21 13:15:50 mod_bosh info Client tried to use sid ‘b5e44ffe-f2f6-4f42-8f95-a129ca4ce562’ which we don’t know about

Generated Token:eyJraWQiOiJaMjl0YjI5dWMwRnlkR1Z0ZFhNPSIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.eyJpc3MiOiJaMjl0YjI5dWMwRnlkR1Z0ZFhNPSIsImF1ZCI6ImppdHNpIiwic3ViIjoibWVldC5qaXQuc2kiLCJyb29tIjoiamFnYW4ifQ.8hxwK_8SKI56ytkhoM42kEv4BENJ1qmzPO2tAPWubyY

Please help me on this.


HS256 is signing with shared secret. Where you try to sign with private key …

Thanks @damencho,
Here is the full code snippet :
Map<String, Object> headerClaims = new HashMap<String,Object>();
headerClaims.put(“kid”, app_id);//“kid”
String secret = “******************************”;

		Key hmacKey = new SecretKeySpec(Base64.getDecoder().decode(secret), 
		JSONObject context = new JSONObject();
		JSONObject user = new JSONObject();
		user.put("avatar", "");
		user.put("name", "Jaganath Panda");
		user.put("email", "");
		context.put("user", user);
		JSONObject payload = new JSONObject();
		payload.put("context", context);
		payload.put("aud", "");
		payload.put("iss", "Z29tb29uc0FydGVtdXM=");
		payload.put("sub", "");
		payload.put("room", "jagan");

		String jwtToken = Jwts.builder()

HS256 signWith : Key hmacKey = new SecretKeySpec(Base64.getDecoder().decode(secret),


When using HS256 do not add kid.

Thanks @damencho,
Even I tried to remove headerClaims.put(“kid”, app_id); , still its not working. Please can you share sample code so I can try my end on the same.


var payload = {
    "iss": "my_issuer_from_config",
    "aud": "jitsi-meet-web-client",
    "sub": "*",
    "room": '123',

var jwt = require('jsonwebtoken');
var token = jwt.sign(payload, 'my shared secret', { algorithm: 'HS256' });

console.log(encodeURI("?jwt=" + token));

What is you prosody config?

@damencho I am very happy about your quick response:
prosody configuration is working fine , means when I am generating token from its working fine . Below I given the sample token which is working fine. When I am generating through java code its giving error.

Prosody configuration:
nano /etc/prosody/conf.avail/
GNU nano 2.9.3 /etc/prosody/conf.avail/

admins = { "", "" }
muc_room_locking = false
muc_room_default_public_jids = true

VirtualHost “
ssl = {
key = “/etc/prosody/certs/”;
certificate = “/etc/prosody/certs/”;
authentication = “internal_plain”

Component “
component_secret = “rT5klPVJ5QrMmx9c”

Component “” “speakerstats_component”
muc_component = “

Component “” “conference_duration_component”
muc_component = “



Please find the attached prosody-config fileprosody-conf.txt (3.6 KB)

Thanks @damencho,
The above nodejs code is generating correct token and the generated token also working fine. But same code i trying using java , its not working. I am trying in spring boot because I have implemented all backend api using spring security.