Hi @fencer019,
Pardon me for replying late, as I was myself learning a bit about JWT, and hopefully I can try to help you a bit further.
So this is my configuration file for JWT, which I followed, like you, from the official link:
[auth.jwt]
enabled = true
header_name = X-JWT-Assertion
email_claim = email
username_claim = uname
;jwk_set_url = https://foo.bar/.well-known/jwks.json
;jwk_set_file = /path/to/jwks.json
;cache_ttl = 60m
;expected_claims = {"aud": ["foo", "bar"]}
key_file = /etc/grafana/jwt-public-key.pem
auto_sign_up = true
Now, what is different here is that I have put my public key inside /etc/grafana/jwt-public-key.pem.
And I got that public key signature from https://jwt.io/ (using the ES256 Hashing Algorithm).
Then, I adjusted some values in the payload, e.g. uname and email.
Finally, I did a curl to it, e.g.
curl -H "X-JWT-Assertion: ENCODED-TOKEN-HASH" "http://grafana.staged-by-discourse.com/api/user"
which gave me output, e.g.
{"id":3,"email":"john@example.com","name":"","login":"john","theme":"","orgId":1,"isGrafanaAdmin":false,"isDisabled":false,"isExternal":true,"authLabels":["OAuth"],"updatedAt":"2022-09-
I hope this might give you some more insights to test if your node.js tokens are valid or not.
Also, in my googling I found several articles saying that if there is a proxy server, or if it is running behind Google or other services, then some additional changes are needed in the configuration.
I hope this helps.
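
An offline check of a token against the settings in the post above, as an added example that is not part of the original post and is not Grafana's own code: it verifies an ES256 signature with the public-key PEM and confirms the `uname` and `email` claims named in the config. The key pair is constructed for the demo, `signEs256` and `checkToken` are hypothetical helper names, and the `exp` check is an assumption about what a verifier should enforce.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Constructed test material: a throwaway P-256 key pair standing in for the
// real signer; publicPem plays the role of the file named by key_file.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const publicPem = publicKey.export({ type: 'spki', format: 'pem' });

// Hypothetical helper: issue an ES256 token (JWS wants raw r||s, not DER).
function signEs256(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'ES256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`),
    { key, dsaEncoding: 'ieee-p1363' });
  return `${head}.${body}.${b64url(sig)}`;
}

// Hypothetical helper: verify a token against the PEM and the configured claims.
function checkToken(token, pem, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not a compact JWS' };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch { return { ok: false, reason: 'malformed JSON' }; }
  // Pin the algorithm; never let the token header choose it.
  if (header.alg !== 'ES256') return { ok: false, reason: 'unexpected alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${head}.${body}`),
    { key: pem, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  // Assumption: reject tokens whose exp (if present) is in the past.
  if (typeof claims.exp === 'number' && claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  // username_claim = uname and email_claim = email in the config above.
  for (const c of ['uname', 'email']) {
    if (typeof claims[c] !== 'string' || !claims[c]) return { ok: false, reason: `missing ${c}` };
  }
  return { ok: true, login: claims.uname, email: claims.email };
}

// Constructed sample payload, matching the claim names from the config.
const demo = signEs256({ uname: 'john', email: 'john@example.com' }, privateKey);
console.log(checkToken(demo, publicPem));
```

To test a real token, pass it to `checkToken` together with the contents of the PEM file that `key_file` points to.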