Invalid JWTs

An Invalid JWT Will Fail on the Init

If an invalid JWT is passed in on the init, an error will be passed back on the payments.validated event listener. A JWT may be considered invalid for several reasons, and this article covers the most common ones.

The JWT is expired

This is a common but easily resolved issue that almost always revolves around the value of the iat claim.

By default, a JWT has a "lifespan" of two hours from its creation.
  1. If the value of the iat claim is more than two hours in the past, then the JWT will no longer be considered valid.
  2. If you are using the exp claim, you will want to make sure it does not expire a JWT too quickly.
  3. Make sure to use UTC time when generating the value for the iat claim.
  4. The creation of a new JWT on page load is a best practice to help users avoid this scenario.

The JWT is using the wrong credentials

Make sure to use the right endpoints and credentials!

Just as there are different staging and production Songbird URLs, your API credentials are environment specific as well.
  1. Verify whether you are using the staging or production Songbird URL.
  2. Verify that you are using the correct API Identifier, API Key, and Org Unit Id for the Songbird URL you are using (i.e. staging or production).

The JWT does not include all required claims

Claims that are missing or out of scope will result in an error.

If a required claim is not included in the JWT or is out of scope, then the JWT will be considered invalid.

The JWT is using an unsupported algorithm

At this time, Songbird will only accept HS256 for the JWT.

Verify that you are using HS256 for the alg claim.
  1. This may be configured by passing in the correct argument in a JWT encode/creation function from a 3rd party library. Check the documentation for the library that you are using.
  2. You can also verify the value of your encoded JWT's alg claim by using a corresponding decode function from your 3rd party library.
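
The four checks above can be run on your server before the JWT is handed to the init. The following is an added example, not Songbird or Cardinal code: the function names, the sample key and the REQUIRED claim list are assumptions, so take the real list of required claims from your integration documentation.

```python
import base64, hashlib, hmac, json, time

MAX_AGE = 2 * 60 * 60  # default lifespan from the article: two hours after iat
REQUIRED = {"jti", "iat", "iss", "OrgUnitId"}  # assumed list, not from this page

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _mac(key, head, body):
    return hmac.new(key.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_jwt(claims, key, alg="HS256"):
    """Build a sample token; the signature is always HMAC-SHA256."""
    head = _b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head, body))}"

def check_jwt(token, key, required=REQUIRED, now=None):
    """Return the reasons from this article that apply (empty list = none found)."""
    now = time.time() if now is None else now  # epoch seconds, i.e. UTC
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
        sig = _unb64(sig)
    except ValueError:
        return ["malformed token"]
    problems = []
    if header.get("alg") != "HS256":
        problems.append("unsupported algorithm")
    if not hmac.compare_digest(_mac(key, head, body), sig):
        problems.append("signature does not match this API key")
    missing = set(required) - set(claims)
    if missing:
        problems.append("missing claims: " + ", ".join(sorted(missing)))
    iat, exp = claims.get("iat"), claims.get("exp")
    if isinstance(iat, (int, float)) and now - iat > MAX_AGE:
        problems.append("expired: iat is more than two hours old")
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("expired: exp has passed")
    return problems

if __name__ == "__main__":
    key = "constructed-staging-api-key"  # constructed sample values throughout
    claims = {"jti": "a1", "iat": int(time.time()) - 3 * 3600, "iss": "id", "OrgUnitId": "ou"}
    print(check_jwt(make_jwt(claims, key), key))
```

A signature mismatch here only tells you the token was not signed with the key you passed in; whether that key belongs to the staging or production environment still has to be checked against the Songbird URL in use.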