JAVA JWT token is not working- "invalid signature "

Hi Team,
I have enabled jtw token in Prosody for authentication, when I am generating manually jwt token from jwt.io authentication is working fine and also I can join the meeting. But same i was trying to generate using java , but the generated token is not working. Here I attached my java code to generate jwt token.
++++++++++++++++++++++++++++++
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);

	  byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(jwtSecret);
	    Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
	    
	    Map<String, Object> headerClaims = new HashMap<String,Object>();
		headerClaims.put("kid", app_id);//"kid"
		headerClaims.put("alg","HS256");//"alg
		headerClaims.put("typ","JWT");//"typ"
	    
	//Let's set the JWT Claims
    JwtBuilder builder = Jwts.builder()
    		.setHeader(headerClaims)
    		.claim("iss", app_id)
            .claim("aud", "jitsi")
            .claim("sub", "meet.jit.si")
            .claim("room", "jagan")
            .signWith(signatureAlgorithm, signingKey);
    +++++++++++++++++++++++++++++====

Error in prosody:
Jun 21 12:56:34 bosh0c27cc68-acc7-4181-a7e2-e503b943881c info BOSH client disconnected: session close
Jun 21 13:11:07 conference.meet.artemustech.com:muc_domain_mapper warn Session filters applied
Jun 21 13:11:07 mod_bosh info New BOSH session, assigned it sid 'b5e44ffe-f2f6-4f42-8f95-a129ca4ce562’
Jun 21 13:11:07 general warn Error verifying token err:not-allowed, reason:Invalid signature
Jun 21 13:15:50 mod_bosh info Client tried to use sid ‘b5e44ffe-f2f6-4f42-8f95-a129ca4ce562’ which we don’t know about

Generated Token:eyJraWQiOiJaMjl0YjI5dWMwRnlkR1Z0ZFhNPSIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.eyJpc3MiOiJaMjl0YjI5dWMwRnlkR1Z0ZFhNPSIsImF1ZCI6ImppdHNpIiwic3ViIjoibWVldC5qaXQuc2kiLCJyb29tIjoiamFnYW4ifQ.8hxwK_8SKI56ytkhoM42kEv4BENJ1qmzPO2tAPWubyY

Please help me on this.

Regards,
Jaganath

HS256 is signing with shared secret. Where you try to sign with private key …

Thanks @damencho,
Here is the full code snippet :
++++++++++++++++++++++
Map<String, Object> headerClaims = new HashMap<String,Object>();
headerClaims.put(“kid”, app_id);//“kid”
headerClaims.put(“alg”,“HS256”);//"alg
headerClaims.put(“typ”,“JWT”);//“typ”
String secret = “******************************”;

		Key hmacKey = new SecretKeySpec(Base64.getDecoder().decode(secret), 
                SignatureAlgorithm.HS256.getJcaName());
		
		
		JSONObject context = new JSONObject();
		JSONObject user = new JSONObject();
		user.put("avatar", "https://cdn1.iconfinder.com/data/icons/website-internet/48/website_-_male_user-512.png");
		user.put("name", "Jaganath Panda");
		user.put("email", "jaganath@gmail.com");
		context.put("user", user);
		JSONObject payload = new JSONObject();
		payload.put("context", context);
		payload.put("aud", "meet.artemustech.com");
		payload.put("iss", "Z29tb29uc0FydGVtdXM=");
		payload.put("sub", "meet.artemustech.com");
		payload.put("room", "jagan");

		String jwtToken = Jwts.builder()
				.setHeaderParams(headerClaims)
		        .setPayload(payload.toString())
		        .signWith(hmacKey)
		        .compact();

HS256 signWith : Key hmacKey = new SecretKeySpec(Base64.getDecoder().decode(secret),
SignatureAlgorithm.HS256.getJcaName());

Regards,
jaganth

When using HS256 do not add kid.

Thanks @damencho,
Even I tried to remove headerClaims.put(“kid”, app_id); , still its not working. Please can you share sample code so I can try my end on the same.

Regards,
Jaganath

var payload = {
    "iss": "my_issuer_from_config",
    "aud": "jitsi-meet-web-client",
    "sub": "*",
    "room": '123',
  }

var jwt = require('jsonwebtoken');
var token = jwt.sign(payload, 'my shared secret', { algorithm: 'HS256' });

console.log(encodeURI("?jwt=" + token));

What is you prosody config?

@damencho I am very happy about your quick response:
prosody configuration is working fine , means when I am generating token from jwt.io its working fine . Below I given the sample token which is working fine. When I am generating through java code its giving error.
+++++++++++++
https://meet.artemustech.com/jagan?jwt=eyJraWQiOiJaMjl0YjI5dWMwRnlkR1Z0ZFhNPSIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.eyJhdWQiOiJtZWV0LmFydGVtdXN0ZWNoLmNvbSIsInN1YiI6Im1lZXQuYXJ0ZW11c3RlY2guY29tIiwiY29udGV4dCI6eyJ1c2VyIjp7Im5hbWUiOiJKYWdhbmF0aCBQYW5kYSIsImF2YXRhciI6Imh0dHBzOi8vY2RuMS5pY29uZmluZGVyLmNvbS9kYXRhL2ljb25zL3dlYnNpdGUtaW50ZXJuZXQvNDgvd2Vic2l0ZV8tX21hbGVfdXNlci01MTIucG5nIiwiZW1haWwiOiJqYWdhbmF0aEBnbWFpbC5jb20ifX0sImlzcyI6IloyOXRiMjl1YzBGeWRHVnRkWE09Iiwicm9vbSI6ImphZ2FuIn0.DWAkTz4xqh9zgxGP1DHERIjOLxzx-EJWhI2PmES13Hc
++++++++++++++++++++++++

Prosody configuration:
++++++++++++++++++++++++
nano /etc/prosody/conf.avail/meet.artemustech.com.cfg.lua
GNU nano 2.9.3 /etc/prosody/conf.avail/meet.artemustech.com.cfg.lua

admins = { "focus@auth.meet.artemustech.com", "jvb@auth.meet.artemustech.com" }
muc_room_locking = false
muc_room_default_public_jids = true

VirtualHost “auth.meet.artemustech.com
ssl = {
key = “/etc/prosody/certs/auth.meet.artemustech.com.key”;
certificate = “/etc/prosody/certs/auth.meet.artemustech.com.crt”;
}
authentication = “internal_plain”

Component “focus.meet.artemustech.com
component_secret = “rT5klPVJ5QrMmx9c”

Component “speakerstats.meet.artemustech.com” “speakerstats_component”
muc_component = “conference.meet.artemustech.com

Component “conferenceduration.meet.artemustech.com” “conference_duration_component”
muc_component = “conference.meet.artemustech.com

+++++++++++++++++++++=

Regards,
Jaganath

@damencho
Please find the attached prosody-config fileprosody-conf.txt (3.6 KB)

Thanks @damencho,
The above nodejs code is generating correct token and the generated token also working fine. But same code i trying using java , its not working. I am trying in spring boot because I have implemented all backend api using spring security.

Regards,
Jaganath