Official website: https://jwt.io/
3.0 version: https://github.com/lcobucci/jwt
Installation
composer require lcobucci/jwt
Dependencies
- PHP 5.5+ (v3.2) and PHP 7.1 (v4.x)
- OpenSSL Extension
Example
<?php
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Hmac\Sha256;

include "../vendor/autoload.php";

$builder = new Builder();
$signer = new Sha256();
$secret = "xxxxxxxxxxxxxxxxxxxxx";
$lifetime = 3600; // placeholder lifetime in seconds; the value is missing from the original page

// Set the header and payload; the following fields can be customized
$builder->setIssuer("xxx.com")             // Issuer
    ->setAudience("xxx.com")               // Recipient
    ->setId("ABC", true)                   // Identifier of the current token
    ->setIssuedAt(time())                  // Token creation time
    ->setExpiration(time() + $lifetime)    // Expiry time
    ->setNotBefore(time() + 5)             // The token cannot be used before this time
    ->set('UID', 30061);                   // Custom data

// Set up the signature
$builder->sign($signer, $secret);

// Get the signed token and convert it to a string
$token = (string) $builder->getToken();
var_dump($token);
Verify token
<?php
use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer\Hmac\Sha256;

include "../vendor/autoload.php";

$signer = new Sha256();
$secret = "xxxxxxxxxxxxxxxxxxxxx";

// Get the token
$token = isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : '';
if (!$token) {
    invalidToken('Invalid Token');
}

try {
    // Parse the token
    $parse = (new Parser())->parse($token);
    // Verify the token's signature
    if (!$parse->verify($signer, $secret)) {
        invalidToken('Invalid Token');
    }
    // Verify that it has not expired
    if ($parse->isExpired()) {
        invalidToken('already expired');
    }
    // Get the data
    var_dump($parse->getClaims());
} catch (Exception $e) {
    // var_dump($e->getMessage());
    invalidToken('Invalid Token');
}

// Reject the request with a 403 and stop
function invalidToken($msg)
{
    header('HTTP/1.1 403 Forbidden');
    exit($msg);
}
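The verification code above checks the signature and the expiry, while the token was issued with iss, aud and nbf as well. The following added example (not code from the original page or from lcobucci/jwt) writes the full set of checks out in plain PHP: the algorithm is pinned to HS256, the signature is compared in constant time, and exp, nbf, iss and aud are all enforced. The function names, secret, timestamps and the PHP 5.6+ requirement are assumptions made for this example.

```php
<?php
// Added example; secret, issuer, audience and timestamps are constructed values.
function b64url_encode($bin) {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode($txt) {
    return base64_decode(strtr($txt, '-_', '+/'), true); // false on bad input
}
// Builds a signed HS256 token so the example has something to verify.
function sign_hs256(array $claims, $secret) {
    $input = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']))
        . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $secret, true));
}
// Returns the claims array when every check passes, otherwise null.
function verify_hs256($jwt, $secret, $issuer, $audience, $now) {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    list($h, $p, $s) = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    // Pin the algorithm; the token must not choose how it is verified.
    if (!is_array($header) || !isset($header['alg']) || $header['alg'] !== 'HS256') return null;
    $given = b64url_decode($s);
    $expected = hash_hmac('sha256', $h . '.' . $p, $secret, true);
    // hash_equals() compares in constant time.
    if (!is_string($given) || !hash_equals($expected, $given)) return null;
    $c = json_decode((string) b64url_decode($p), true);
    if (!is_array($c)) return null;
    if (!isset($c['exp']) || $now >= $c['exp']) return null; // missing or past expiry
    if (isset($c['nbf']) && $now < $c['nbf']) return null;   // not valid yet
    if (!isset($c['iss']) || $c['iss'] !== $issuer) return null;
    if (!isset($c['aud']) || $c['aud'] !== $audience) return null; // single-string aud only
    return $c;
}

$secret = 'constructed-demo-secret';
$t0 = 1700000000; // constructed issue time
$jwt = sign_hs256([
    'iss' => 'xxx.com', 'aud' => 'xxx.com', 'jti' => 'ABC',
    'iat' => $t0, 'nbf' => $t0 + 5, 'exp' => $t0 + 3600, 'UID' => 30061,
], $secret);

// Same token presented at different times, with a wrong key, and to a different audience.
var_dump(verify_hs256($jwt, $secret, 'xxx.com', 'xxx.com', $t0));          // case: before nbf
var_dump(verify_hs256($jwt, $secret, 'xxx.com', 'xxx.com', $t0 + 60));     // case: inside the window
var_dump(verify_hs256($jwt, $secret, 'xxx.com', 'xxx.com', $t0 + 3600));   // case: at exp
var_dump(verify_hs256($jwt, 'other-key', 'xxx.com', 'xxx.com', $t0 + 60)); // case: wrong secret
var_dump(verify_hs256($jwt, $secret, 'xxx.com', 'api.other', $t0 + 60));   // case: wrong audience
```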
Problem
While developing the app API, the server side could not perform OAuth 2.0 authentication; the symptom was that the Authorization header information could not be obtained.
Solution 1:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
This is how the Apache documentation defines it: the mod_setenvif module lets you set environment variables according to whether different aspects of the request match a regular expression you specify. These environment variables can be used by other parts of the server.
Solution 2:
The Laravel documentation says that if the username/password is not base64 encoded, Apache seems to drop the Authorization header. To fix this, add the following to the Apache configuration file; the principle is the same as in Solution 1.
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [E=HTTP_AUTHORIZATION:%1]
Solution 3:
Include the token information in the URL. A token passed in the query string is also recorded in server access logs and browser history.
http://Api.yoursite.com/?token={yourtokenhere}
JWT usage in PHP and problem handling