Signature Not working on IOS

[DenJohX]

Using the React-Native 0.34.0, the output of jwt.encode(payload, jwtSecret) doesn't have a valid signature. This doesn't happens on android.

Using this code:

        const testData = {bar: 'baz', bacon: 'eggs'}
        const testSecret = 'sert212msrghwierlskdSSDt'
        const testPayload = {
            exp: (Date.now() / 1000) + 30,
            lg: 'en',
            data: testData
        }
        const jwtToken = jwt.encode(testPayload, testSecret)

The output for android:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0Nzc1OTQ4MjEuMDkxLCJsZyI6ImVuIiwiZGF0YSI6eyJiYXIiOiJiYXoiLCJiYWNvbiI6ImVnZ3MifX0=.98QwgX3EsaSEbM8u43vhyVFiFWGk890idNHGGVMv9Ko

The output for ios:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0Nzc1OTQ5MjUuOTgyLCJsZyI6ImVuIiwiZGF0YSI6eyJiYXIiOiJiYXoiLCJiYWNvbiI6ImVnZ3MifX0=.vKHO8KSDGTXM7SxcqVIg0HnC1Ib0rriTl1gQYy_4hEUhEUAAAAA

Both can be decoded as tested on jwt.io, but the signature is invalid for ios.

[DenJohX]

There is a weird thing going on, looking at the output here, ios seems to append a bunch of characters to the signature, the header and payload are exactly the same, but the lenght of the signature is greater.

By trimming the extra 8 characters it seems to be valid now, the ios output should be

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0Nzc1OTQ5MjUuOTgyLCJsZyI6ImVuIiwiZGF0YSI6eyJiYXIiOiJiYXoiLCJiYWNvbiI6ImVnZ3MifX0=.vKHO8KSDGTXM7SxcqVIg0HnC1Ib0rriTl1gQYy_4hEU

Which is valid as tested on jwt.io

[DenJohX]

It is also affecting the decoding, in order to decode a valid jwt token on ios is necessary to append the weird last 8 chars as follows:

Duplicate the last 3 chars of the signature and add 'AAAAA'.

if (Platform.OS === 'ios'){
    const tmp = token.slice(-3)
    token = token + tmp + 'AAAAA'
}