@lcobucci
use Lcobucci\JWT\Builder;

$token = (new Builder())->setIssuer('http://example.com') // Configures the issuer (iss claim)
    ->setAudience('http://example.org') // Configures the audience (aud claim)
    ->setId('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
    ->setIssuedAt(time()) // Configures the time that the token was issued (iat claim)
    ->setNotBefore(time() + 60) // Configures the time that the token can be used (nbf claim)
    ->setExpiration(time() + 3600) // Configures the expiration time of the token (exp claim)
    ->set('uid', 1) // Configures a new claim, called "uid"
    ->getToken(); // Retrieves the generated token
After I run this code and get the token, I paste it into the https://jwt.io/ debugger and I get the error "Invalid Signature"
"message": "It was not possible to parse your key, reason: error:0909006C:PEM routines:get_name:no start line",
jsonwebtoken library and I can verify by a hash the password the user is sending and then generate the token and send it back and afterwards use the verify function in order to verify all the upcoming transactions.
@prudhvivijaykumar that's a use-case for adding a storage layer to build a blacklist/whitelist of JTI (token identifiers) - I'd say a whitelist sounds more appropriate since you won't know which token to add to the blacklist when issuing a new one. You'd surely have to set the JTI on your tokens to be able to match things.
Bear in mind that not setting an expiration time may lead to security issues if the token gets stolen.