JWT hs512 signature slightly different from jwt.io if calculated with python

Question

So I get different signatures for the same JWT.

Header:

{
  "alg": "HS512",
  &         


        

Answer 1

In your Python code you used Base64 encoding, but the JWT standard requires Base64URL encoding. The differences are that the characters "+" and "/" in Base64 encoding are replaced with "-" and "_" and that padding is omitted.

It might or might not work, depending on the receiving sides Base64URL decoder implementation. To be on the safe side, I recommend to follow the standard.