Can't find the error. the Token always comes as a complete string

forgot to comment out, but it doesn't affect the result

You are using an asymetric signing method (ES256, which is based on ECDSA), but you are supplying a symmetric key ([]byte). You either need to use a symmetric signing method, such as HMAC or provide a *ecdsa.PrivateKey for ES256.

You can find more about this in our new project page (which is still under construction): https://golang-jwt.github.io/jwt/usage/create/ and https://golang-jwt.github.io/jwt/usage/signing_methods/#signing-methods-and-key-types