There is a problem in SpringSecurity 6 when signing JWT. For example, I have these 2 methods in my application:

` public String generateToken(UserDetails userDetails) { return generateToken(new HashMap<>(), userDetails); }

public String generateToken( Map extraClaims, UserDetails userDetails ) { return Jwts .builder() .setClaims(extraClaims) .setSubject(userDetails.getUsername()) .setIssuedAt(new Date(System.currentTimeMillis())) .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 24)) .signWith(getSignInKey(), SignatureAlgorithm.HS256) .compact(); }

private Key getSignInKey() { byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY); return Keys.hmacShaKeyFor(keyBytes); } `

Right now, I am passing getSignInKey(), and algorithm in signWith(). There is no way to verify JWT that is generated on the client ( I am using Next.js ). In the previous version, it was possible to do it because it was possible to pass 'string' as secret_key into signWith ().

I tried a lot of libraries, methods, etc... But every time I get 'Signature failed', which means that secret_key failed.

So, what do you suggest? Is it possible to sign the key in a different way?

Comment From: sjohnr

Thanks for getting in touch @nedim-bajric, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.