On macOS (and other Unix-based systems), the way strings are encoded into bytes can differ slightly if you use non-ASCII characters (like ú, ő, or other accented letters) in your JWT secret key.
Because SymmetricSecurityKey expects a byte-exact key, even a small encoding difference makes the token signature invalid.