require('C:/xampp/vendor/autoload.php');
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Key;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Key;
use Lcobucci\JWT\Signer\Hmac\Sha256;
Is that how it is suppose to be?
No problem. I should know how composer works. Thanks for the response.
Hello @titanve, unfortunately I'm not familiar with craftcms 3. However, after a quick look, it seems here lies your answer: https://github.com/edenspiekermann/craft-jwt-auth/blob/develop/src/services/JWT.php
Hello @lcobucci thank you for the link it's very helpful. The thing is that how that it interacts because in NodeJS I have an express server using
jsonwebtoken library and I can verify by a hash the password the user is sending and then generate the token and send it back and afterwards use the verify function in order to very all the upcoming transactions.
Apparently is a TODO
Hopefully, our docs should support you https://github.com/lcobucci/jwt/blob/3.3/README.md
If you're using JWT for authentication, then I'd say you must always verify and validate. Otherwise, people might attack your system by tampering the token
Hello, I am some mistakes, <span style='background-color: #cc0000; color: #fce94f; font-size: x-large;'>( ! )</span> Fatal error:
Uncaught Zend\ServiceManager\Exception\ServiceNotFoundException: Unable to resolve service
"Lcobucci\JWT\Configuration" to a factory; are you certain you provided it during configuration? in
C:\xampp\htdocs\api\vendor\zendframework\zend-servicemanager\src\ServiceManager.php on line <i>687</i>
Uncaught Zend\ServiceManager\Exception\ServiceNotFoundException: Unable to resolve service
"Lcobucci\JWT\Configuration" to a factory; are you certain you provided it during configuration? in
C:\xampp\htdocs\api\vendor\zendframework\zend-servicemanager\src\ServiceManager.php on line <i>687</i>
@prudhvivijaykumar that's a use-case for adding a storage layer to build a blacklist/whitelist of JTI (token identifiers) - I'd say a whitelist sounds more appropriate since you won't know which token to add to the blacklist when issuing a new one. You'd surely have to set the JTI on your tokens to be able to match things.
Bear in mind that not setting an expiration time may lead to security issues if the token gets stolen.
Is there a way to create JSON web key document using this library?
Peace be upon those who follow guidance,
I'm using lcobucci/jwt:^4.0.0-alpha3 on Win 10
require __DIR__ . '/vendor/autoload.php';
// require __DIR__ . '/vendor/bin/autoload.php';
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Token\Plain;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Parser;
$config = $container->get(Configuration::class);
assert($config instanceof Configuration);
$token = $config->getParser()->parse(
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.'
. 'eyJzdWIiOiIxMjM0NTY3ODkwIn0.'
. '2gSBz9EOsQRN9I-3iSxJoFt7NtgV6Rm0IL6a8CAwl3Q'
);
assert($token instanceof Plain);
$token->headers(); // Retrieves the token headers
$token->claims(); // Retrieves the token claims
echo $token->getHeader('name'); // will print "4f1g23a12aa"
echo $token->getClaim('iss'); // will print "http://example.com"
echo $token->getClaim('aud'); // will print "1"But I get the following error!
Uncaught Error: Call to a member function on line of $config = $container->get(Configuration::class);
What is the reason?
@Ocramius also the following gives error when trying to get some info from the OIDC response?
$tok = 'signature code';
$token = (new Parser())->parse((string) $tok); // Parses from a string
$token->getHeaders(); // Retrieves the token header
$token->getClaims(); // Retrieves the token claims
echo $token->getHeader('name'); // will print "4f1g23a12aa"
echo $token->getClaim('iss'); // will print "http://example.com"
echo $token->getClaim('aud'); // will print "1"Uncaught Error: Cannot instantiate interface Fatal
copy-pasting from the docs, especially in security-sensitive contexts like this one, won't get you far, and will only get you in trouble :|
And the note in the https://lcobucci-jwt.readthedocs.io/en/latest/issuing-tokens/ :)
Hope this has a simple answer. Using V3.3.1. Trying to create a token per instructions here: https://github.com/lcobucci/jwt/blob/3.3/README.md#token-signature (using hmac signature) . When I try to return $token from my function all I get is {}. When I var_dump($token) it is giving me the entire object in string form, rather than just a JWT. Should it be necessary to parse out $token in order to get the JWT, or am I just misunderstanding how this is to be used? Obviously I am missing something basic. Thanks.
$signer = new Sha256();
$time = time();
$time = time();
$token = (new Builder())->issuedBy('http://example.com') // Configures the issuer (iss claim)
->permittedFor('http://example.org') // Configures the audience (aud claim)
->identifiedBy('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
->issuedAt($time) // Configures the time that the token was issue (iat claim)
->canOnlyBeUsedAfter($time + 60) // Configures the time that the token can be used (nbf claim)
->expiresAt($time + 3600) // Configures the expiration time of the token (exp claim)
->withClaim('uid', 1) // Configures a new claim, called "uid"
->getToken($signer, new Key(AZURE_PRIMARY_KEY_AUTH)); // Retrieves the generated token
var_dump($token->getToken());
return $token;