@lcobucci
use Lcobucci\JWT\Builder;
$token = (new Builder())->setIssuer('http://example.com') // Configures the issuer (iss claim)
    ->setAudience('http://example.org') // Configures the audience (aud claim)
    ->setId('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
    ->setIssuedAt(time()) // Configures the time that the token was issued (iat claim)
    ->setNotBefore(time() + 60) // Configures the time that the token can be used (nbf claim)
    ->setExpiration(time() + 3600) // Configures the expiration time of the token (exp claim)
    ->set('uid', 1) // Configures a new claim, called "uid"
    ->getToken(); // Retrieves the generated token
After I run this code and get the token, I paste this token into the https://jwt.io/ debugger and I got the error "Invalid Signature"
"message": "It was not possible to parse your key, reason: error:0909006C:PEM routines:get_name:no start line",
jsonwebtoken library and I can verify by a hash the password the user is sending and then generate the token and send it back and afterwards use the verify function in order to verify all the upcoming transactions.
@prudhvivijaykumar that's a use-case for adding a storage layer to build a blacklist/whitelist of JTI (token identifiers) - I'd say a whitelist sounds more appropriate since you won't know which token to add to the blacklist when issuing a new one. You'd surely have to set the JTI on your tokens to be able to match things.
Bear in mind that not setting an expiration time may lead to security issues if the token gets stolen.
Peace be upon those who follow guidance,
I'm using lcobucci/jwt:^4.0.0-alpha3 on Win 10
require __DIR__ . '/vendor/autoload.php';
// require __DIR__ . '/vendor/bin/autoload.php';
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Token\Plain;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Parser;
$config = $container->get(Configuration::class);
assert($config instanceof Configuration);
$token = $config->getParser()->parse(
    'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.'
    . 'eyJzdWIiOiIxMjM0NTY3ODkwIn0.'
    . '2gSBz9EOsQRN9I-3iSxJoFt7NtgV6Rm0IL6a8CAwl3Q'
);
assert($token instanceof Plain);
$token->headers(); // Retrieves the token headers
$token->claims(); // Retrieves the token claims
echo $token->getHeader('name'); // will print "4f1g23a12aa"
echo $token->getClaim('iss'); // will print "http://example.com"
echo $token->getClaim('aud'); // will print "1"
But I get the following error!
What is the reason?