JWT validity cannot be asserted and should not be trusted.

乡下的树, March 24, 2022

When module A calls module B, it always reports "JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted."
The log output is as follows:

2022-03-24 15:12:23 [http-nio-8002-exec-2] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet].log 175 - Servlet.service() for servlet [dispatcherServlet] in context with path [/zex-weixin] threw exception
io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
 at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:354)
 at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481)
 at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541)
 at com.zex.modules.security.utils.JwtTokenUtil.getAllClaimsFromToken(JwtTokenUtil.java:55)
 at com.zex.modules.security.utils.JwtTokenUtil.getClaimFromToken(JwtTokenUtil.java:48)
 at com.zex.modules.security.utils.JwtTokenUtil.getIssuedAtDateFromToken(JwtTokenUtil.java:40)
 at com.zex.modules.security.utils.JwtTokenUtil.validateToken(JwtTokenUtil.java:121)
 at com.zex.modules.security.security.JwtAuthorizationTokenFilter.doFilterInternal(JwtAuthorizationTokenFilter.java:59)
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
 at org.springframework.security.web.FilterChainProxy$

I searched around for a while.

Cause: the secret key that the login module uses to create the token does not match the secret key of the module that needs to verify the token.

Attempted fix: make the jwt secret key set in the application.yml of both modules identical.
However, it still reported "JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted."

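I kept talking with the developers, who reported that the test environment works fine; only the production environment throws the error!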

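I tried copying the test environment's application-video-prod.yml configuration file over to replace the production environment's application-prod.yml (modifying the relevant parameters, of course, but without touching the jwt parameters).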

#jwt
jwt:
  header: Authorization
  secret: mySecret

And it actually worked!!!

A diff check of the two configuration files shows that the contents are exactly identical.
The encoding checks out as identical too…

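My guess: the format requirements for jwt.secret: mySecret are fairly strict; it is best to define it before compiling, because modifying it afterwards may cause authentication errors.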
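
One way to check which configured value really reproduces a token's signature, instead of comparing the files by eye. This is an added example, not code from the original post or from the project. It recomputes the HMAC offline for each candidate secret and for the byte forms a loader or library might derive from it; the Base64 interpretation, the candidate names and the sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims, key, alg="HS512"):
    """Build a compact HMAC-signed JWT; used here only to construct the sample."""
    head = b64url_encode(json.dumps({"alg": alg}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), ALGS[alg]).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def key_variants(secret):
    """Byte strings a loader or library could derive from the configured text."""
    variants = {"utf8": secret.encode()}
    stripped = secret.strip()
    if stripped != secret:
        variants["utf8-stripped"] = stripped.encode()
    try:  # assumption: the library may treat the string as Base64 key material
        padded = stripped + "=" * (-len(stripped) % 4)
        variants["base64-decoded"] = base64.b64decode(padded, validate=True)
    except ValueError:
        pass
    return variants

def matching_keys(token, candidates):
    """Return (candidate, variant) pairs whose HMAC reproduces the signature."""
    head, body, sig = token.split(".")
    digest = ALGS[json.loads(b64url_decode(head))["alg"]]
    signed, expected = f"{head}.{body}".encode(), b64url_decode(sig)
    return [(name, variant)
            for name, secret in candidates.items()
            for variant, key in key_variants(secret).items()
            if hmac.compare_digest(hmac.new(key, signed, digest).digest(), expected)]

def fingerprint(secret):
    """Truncated SHA-256 of the exact bytes, for comparing values across hosts."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]

# Constructed sample: signed with raw "mySecret"; "prod" has a trailing space.
SAMPLE_TOKEN = sign({"sub": "demo"}, b"mySecret")
CANDIDATES = {"test": "mySecret", "prod": "mySecret "}
print(matching_keys(SAMPLE_TOKEN, CANDIDATES),
      {name: fingerprint(value) for name, value in CANDIDATES.items()})
```

Running fingerprint() on the effective jwt.secret value on each host and comparing the outputs shows whether the two modules hold the same bytes without copying the secret between environments.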