TLDR
jwt.io will not generate a JWT for my private key?!?
On jwt.io, I navigated over to the “Debugger”.
Then I…
- I changed the algorithm to ES256
- I added my private key seen below
- Added header and payload seen below
(DON’T WORRY, THIS KEY IS NOW DELETED ON Coinbase)
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFP84NI7eJwHDoCL6HN4fKpXdSlDPY6GXAa5mlJh/vwtoAoGCCqGSM49
AwEHoUQDQgAEaXMCwzBuy+TTNuxxj7FnSA++ZNcbh8B4x1cYmsjSZ2CUj96uYGfV
QQyjxCuFDRa12gtlnG11Ok24xomP7bhgXw==
-----END EC PRIVATE KEY-----
Header
{
  "alg": "ES256",
  "kid": "organizations/cbafb4b3-3756-48fd-adb6-d3ac5c395fd7/apiKeys/1318daa0-5b1f-4d24-bd83-1f5ba72dedc3",
  "nonce": "8ab206ff2b3b1464",
  "typ": "JWT"
}
Payload
{
  "aud": "retail_rest_api_proxy",
  "exp": 1708992742,
  "iat": 1708992622,
  "iss": "coinbase_cloud",
  "nbf": 1708992622,
  "sub": "organizations/cbafb4b3-3756-48fd-adb6-d3ac5c395fd7/apiKeys/1318daa0-5b1f-4d24-bd83-1f5ba72dedc3",
  "uri": "GET api.coinbase.com/api/v3/brokerage/accounts"
}
But jwt.io gives me an “Invalid Signature” error and does not output an encoded JWT.
Is there something wrong with my key? I’ve tried two different keys now with the same issue.
If you care
I’ve been really struggling to properly sign a JWT token with C++. I first attempted creating a JWT using Qt and QMessageAuthenticationCode::hash, using HMAC SHA256. But Coinbase Cloud trading keys need ES256. (I found that out here).
I’ve finally gotten something together using the jwt-cpp library, using OpenSSL. I’m now successfully generating a token, but I’m still failing to authenticate with Coinbase. I went to jwt.io to confirm that my signature is correct…
…I’d paste my generated JWT in. It would correctly fill out the HEADER and PAYLOAD sections. I then would put in my private key, but kept getting “Invalid Signature” errors.
So I decided that I’d just try jwt.io to generate a token so that I can see if even a curl command would authenticate me with Coinbase…
curl -H "Authorization: Bearer JWT_TOKEN" 'https://api.coinbase.com/api/v3/brokerage/accounts'
But jwt.io would not even create a token for me…
…and that brings us to the TLDR
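Added example (not part of the original post, and not jwt-cpp or Coinbase code): a standard-library Python check that can be run on an ES256 token locally, without pasting a private key into a website. It tests one structural property: RFC 7518 section 3.4 requires the signature segment to be the 64-byte concatenation R||S, whereas OpenSSL's native ECDSA output is ASN.1 DER. The function names, the placeholder `kid` and the sample signature are constructed for illustration.

```python
import base64
import json

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def der_to_raw(der: bytes, size: int = 32) -> bytes:
    """Convert a DER ECDSA signature (SEQUENCE of INTEGER r, s) to fixed-width R||S."""
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    pos, parts = 2, []
    for _ in range(2):
        if pos + 2 > len(der) or der[pos] != 0x02:
            raise ValueError("expected INTEGER")
        end = pos + 2 + der[pos + 1]
        # Drop DER's sign-padding zero, then left-pad to the curve's field width.
        parts.append(der[pos + 2 : end].lstrip(b"\x00").rjust(size, b"\x00"))
        pos = end
    raw = b"".join(parts)
    if pos != len(der) or len(raw) != 2 * size:
        raise ValueError("malformed or oversized r/s")
    return raw

def inspect_es256(token: str) -> dict:
    header_seg, _payload_seg, sig_seg = token.split(".")
    sig = b64url_decode(sig_seg)
    if len(sig) == 64:
        sig_format = "raw"  # R||S, the form RFC 7518 section 3.4 requires for ES256
    else:
        try:
            der_to_raw(sig)
            sig_format = "der"  # OpenSSL's native ECDSA output; not valid inside a JWS
        except ValueError:
            sig_format = "unknown"
    alg = json.loads(b64url_decode(header_seg)).get("alg")
    return {"alg": alg, "sig_len": len(sig), "sig_format": sig_format}

def repair(token: str) -> str:
    """Re-encode a DER signature segment as raw R||S; the signed bytes are untouched."""
    signing_input, sig_seg = token.rsplit(".", 1)
    return signing_input + "." + b64url_encode(der_to_raw(b64url_decode(sig_seg)))

def constructed_sample() -> str:
    # Constructed input: header fields from the post (kid is a placeholder), made-up DER signature.
    der = bytes.fromhex("3044022100" + "80" + "11" * 31 + "021f" + "7f" + "22" * 30)
    header = json.dumps({"alg": "ES256", "kid": "PLACEHOLDER_KEY_NAME", "typ": "JWT"}).encode()
    return ".".join(map(b64url_encode, (header, b"{}", der)))
```

`inspect_es256(constructed_sample())` reports a 70-byte `der` signature, and the same call on `repair(constructed_sample())` reports 64 bytes in `raw` form; a token that already reports `raw` needs the signature itself verified against the public key with a JWT library.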