Airflow 3.0.6: "JWT token is not valid: Signature verification failed" when using SimpleAuthManager #65971

will-m-buchanan · 2026-04-27T18:46:07Z

will-m-buchanan
Apr 27, 2026

I'm currently trying to debug another issue, here: #65785. As part of my debugging I reverted back to an earlier commit from before I had engaged the FAB auth manager. The SimpleAuthManager had worked previously, but is suddenly giving me trouble.

After the API server loads, I open the UI and am redirected to a basic login screen. I enter the credentials that have been randomly generated (by default found in $AIRFLOW_HOME/simple_auth_manager_passwords.json.generated). Upon submitting the credentials I am briefly shown a UI screen that says "Forbidden" before being quickly redirected back to the login screen (the "Forbidden" page goes away too quickly for me to make out anything else about it).

The logs show:

INFO:     <IP-a>:52654 - "GET /<path to airflow>/api/v2/monitor/health HTTP/1.1" 200 OK
2026-04-27T17:20:54.864474Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
INFO:     <IP-b>:50096 - "POST /<path to airflow>/auth/token HTTP/1.1" 201 Created
2026-04-27T17:20:54.955604Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
INFO:     <IP-b>:50096 - "GET /<path to airflow>/ HTTP/1.1" 200 OK
2026-04-27T17:20:55.254005Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
2026-04-27T17:20:55.254583Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
INFO:     <IP-b>:50096 - "GET /<path to airflow>/ui/config HTTP/1.1" 403 Forbidden
2026-04-27T17:20:55.331793Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
INFO:     <IP-b>:50096 - "GET /<path to airflow>/api/v2/auth/login?next=https%3A%2F%2F<url to airflow>%2F<path to airflow>%2F HTTP/1.1" 307 Temporary Redirect
2026-04-27T17:20:55.346190Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
2026-04-27T17:20:55.346703Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
2026-04-27T17:20:55.347403Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
2026-04-27T17:20:55.347983Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
2026-04-27T17:20:55.348305Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
INFO:     <IP-b>:50096 - "GET /<path to airflow>/ui/config HTTP/1.1" 403 Forbidden
INFO:     <IP-b>:35908 - "GET /<path to airflow>/ui/auth/menus HTTP/1.1" 403 Forbidden
2026-04-27T17:20:55.350236Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
2026-04-27T17:20:55.350797Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
INFO:     <IP-b>:35908 - "GET /<path to airflow>/api/v2/plugins HTTP/1.1" 403 Forbidden
INFO:     <IP-b>:35910 - "GET /<path to airflow>/api/v2/version HTTP/1.1" 200 OK
2026-04-27T17:20:55.396412Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
INFO:     <IP-b>:35910 - "GET /<path to airflow>/auth/login?next=https://<url to airflow>/<path to airflow>/ HTTP/1.1" 200 OK
2026-04-27T17:20:55.420116Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
INFO:     <IP-b>:35910 - "GET /<path to airflow>/api/v2/auth/login?next=https%3A%2F%2F<url to airflow>%2F<path to airflow>%2F HTTP/1.1" 307 Temporary Redirect
2026-04-27T17:20:55.485884Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
INFO:     <IP-b>:35910 - "GET /<path to airflow>/auth/login?next=https://<url to airflow>/<path to airflow>/ HTTP/1.1" 200 OK
INFO:     <IP-a>:52662 - "GET /<path to airflow>/api/v2/monitor/health HTTP/1.1" 200 OK

This is different behavior from simply putting in the wrong credentials, which just gives me the expected "401 Unauthorized: Invalid credentials" message.

So why am I getting "JWT token is not valid: Signature verification failed" messages when trying to log in with SimpleAuthManager?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Airflow 3.0.6: "JWT token is not valid: Signature verification failed" when using SimpleAuthManager #65971

Uh oh!

{{title}}

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Airflow 3.0.6: "JWT token is not valid: Signature verification failed" when using SimpleAuthManager #65971

Uh oh!

will-m-buchanan Apr 27, 2026

Replies: 0 comments

will-m-buchanan
Apr 27, 2026