Cloudflare worker + JWT


using cloudflare-worker-jwt, are there any known mismatches with the way ghost verifies the token?

Running though node per the docs example, I have no problem, but cloudflare-worker-jwt gives the following:

"errors": [
        "message": "Invalid token: invalid signature",
        "context": null,
        "type": "UnauthorizedError",
        "details": null,
        "property": null,
        "help": null,
        "code": "INVALID_JWT",
        "id": "61765fd0-d8a3-11ed-ae6f-d1690b7fc7d0",
        "ghostErrorCode": null

Looking at both tokens at they decode identically (afaik my eyes). This is the failing cloudflare-worker-jwt one:

Here’s the worker script

import jwt from '@tsndr/cloudflare-worker-jwt';

export default {
  async fetch(request: Request, env: any) {
    // Admin API key goes here
    const API_KEY =

    const [keyId, secret] = API_KEY.split(':');

    const nowTs = Math.round( / 1000);

    const payload = {
      exp: nowTs + 300,
      iat: nowTs,
      aud: '/admin/',

    const token = await jwt.sign(payload, secret, {
      algorithm: 'HS256',
      header: { typ: 'JWT', kid: keyId },

    const data = await fetch(
        headers: {
          Authorization: `Ghost ${token}`,
          'Content-Type': 'application/json',
          'Accept-Version': 'v5.15',
        method: 'GET',
    ).then(async (res) => {
      return {
        res: await res.json(),

    return new Response(JSON.stringify(data, null, 2));