Hi Joe,
In my scenario JWT is signed & encoded by Android APP itself, so we're just decoding the received payload which looks like below
Header: eyJhb......{"Alg":"RS256"}
Payload: eyJpc3MiOiA.................................................{JSON Payload}
Signature: tNsz............+oQkJ8............
2smADKaUOvvnjGp+kZ70b.........3ksDV3hjLbi........./LxENCDrKrCJvsq8XS
Ps...........1/U=
If you see above signature, there are few special characters present which might be causing issue, i'm not sure as i tried removing those characters as well. so what i'm stuck at is how to verify the signature part? as mentioned earlier SHA256withRSA is being used by application. My flow goes something as below: