Have you checked if the signing secret used is the same on the backend and on the jwt.io?

What you have described seems to be a problem with inconsistent signing secret.

I also had a similar problem on my app and it was because of a space difference in the secret.