JSON Web Token (JWT) is a compact URL-safe means of representing claims to be transferred between two parties.
When you receive a response that the JWT you’re passing to Piano (as part of Piano Auth) is invalid, please check the parameters that are being passed.
Here is a raw format of the JWT:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJEcnVwYWwgOCAoaHR0cHM6Ly9zdGFnaW5nLXNjbXAtZDgucHJvZHVjdC13ZWIuZGV2LTIuc2NtcC50ZWNoKSIsImF1ZCI6IjU4ZTI2YWM4LWNmMzktNDg3NC1iZWQ0LWYwMjZhMDI4YTZlZSIsImlhdCI6MTU5NTkyMzAyOSwiZXhwIjoxNjA0NTYzMDI5LCJmaXJzdF9uYW1lIjoiSm9zZWZhIiwibGFzdF9uYW1lIjoiQnJhdm8iLCJlbWFpbCI6Impvc2VmYS5icmF2b0BleGFtcGxlLmNvbSIsInN1YiI6IjM1Y2FmZmY5LTUyNmQtNDE1Zi1iMTYyLTg0YjcyNTYwNzliZCJ9.voxoFdP4AML0OsnJqukw6VRmi0zq7MQn_JP8JQzLA7Q
A decoded JWT payload can look like this:
{aud: "58e26ac8-cf39-4874-bed4-f026a028a6ee",
email: "test@example.com",
exp: 1604563029,
first_name: "John",
iat: 1595923029,
iss: "Drupal 8 (https://staging.com)",
last_name: "Doe",
sub: "35cafff9-526d-415f-b162-84b7256079bd"}
You need to make sure to pass a unique uid/sub for each user.
More information on how to create a JWT token is available here.