Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Sep 19 13:10
    lcobucci unassigned #312
  • Sep 19 13:10
    lcobucci assigned #312
  • Sep 19 13:08
    lcobucci commented #312
  • Sep 19 13:08
    Ocramius closed #312
  • Sep 19 13:08
    Ocramius commented #312
  • Sep 19 13:08
    lcobucci labeled #312
  • Sep 19 13:07
    lcobucci assigned #312
  • Sep 19 13:05
    tommasodargenio opened #312
  • Sep 17 12:46
    lcobucci commented #183
  • Sep 17 12:08
    gregdeluxee commented #183
  • Sep 13 08:00
    lcobucci commented #309
  • Sep 13 07:11
    IceWizard2809 commented #309
  • Sep 13 07:10
    IceWizard2809 commented #309
  • Sep 13 07:03
    markhughes commented #309
  • Sep 07 05:58
    sajadabasi commented #311
  • Sep 07 05:49
    sajadabasi commented #311
  • Sep 07 04:09
    infuginindia commented #311
  • Sep 06 15:36
    sajadabasi commented #311
  • Sep 06 08:02
    Ocramius commented #311
  • Sep 06 07:59
    infuginindia opened #311
Marco Pivetta
@Ocramius
@ArunaSanjeewa what have you tried out so far? What happened instead of what you expected?
Aruna Sanjeewa
@ArunaSanjeewa
I have yii2 basic project with webvimark user management module.I need to configure any JWT api authentication for my project
Marco Pivetta
@Ocramius
What research did you do so far? Are there no existing yii2 integrations?
Aruna Sanjeewa
@ArunaSanjeewa
its my final year project.I try this jwt but it doesnt work
Luís Cobucci
@lcobucci
@ArunaSanjeewa what exactly you tried that didn't work? I'm not really familiar with yii2 and am not sure how helpful I can be but let's try =)
Adeshina Hammed H.
@D-sense
My need is to supply "payload" (in other words, JSON object) as a "signer" along with metabase_secret_key
But I am not able to do that; it accepts just $signer and the key. Any solution around this?
I want to achieve something like this:

`var jwt = require("jsonwebtoken");

// these should match the settings in your Metabase instance
var MB_SITE_URL = "http://localhost:3000";
var MB_EMBEDDING_SECRET_KEY = "a1c0952f3ff361f1e7dd8433a0a50689a004317a198ecb0a67ba90c73c27a958";

var payload = {
resource: { dashboard: 1 },
params: {}
};

//sign the JWT token with our secret key
var signedToken = jwt.sign(payload, MB_EMBEDDING_SECRET_KEY);

//construct the URL of the iframe to be displayed
var iframeUrl = ${MB_SITE_URL}/embed/question/${signedToken}#bordered=true&titled=true;`

Luís Cobucci
@lcobucci
@D-sense the payload is passed automatically to the signer when creating the token, the problem is probably related to the way you're wrapping your values in arrays when calling Builder#set().
It's important to mention that you should never paste your signing key like that, even though it's a development key. Don't forget to regenerate a new key for your tests
Adeshina Hammed H.
@D-sense
Thank you, Luis. It was a test key and I have generated a new one already.
Luís Cobucci
@lcobucci
:+1:
did you manage to solve your issue?
Adeshina Hammed H.
@D-sense
Yes, I have managed to resolve the issue. I saw a node.js app example using your packaged and passed the payload directly to "sign" method, so I thought I could achieve the same way.
But, I can see that payload is passed automatically and that is confirmed when I debug 'token'.
Thank you a lot.
Luís Cobucci
@lcobucci
cool, you can also use https://jwt.io to check the correctness of your token
Adeshina Hammed H.
@D-sense
Right, I will do that too
laurenskok
@laurenskok
Does anyone no if it's possible to set the algoritm used (in the header) via the php builder?
Luís Cobucci
@lcobucci
@laurenskok the header is properly configured when you're signing the token, why do you feel the need to modify it?
laurenskok
@laurenskok
Thank you for your answer, sadly I can not find any documentation about how to set headers?
Luís Cobucci
@lcobucci

@laurenskok it's indeed not properly documented in the README.md, however the method is available in the builder https://github.com/lcobucci/jwt/blob/c9704b751315d21735dc98d78d4f37bd73596da7/src/Builder.php#L195-L204

But don't forget that the alg header is modified when you sign the token: https://github.com/lcobucci/jwt/blob/c9704b751315d21735dc98d78d4f37bd73596da7/src/Builder.php#L237

laurenskok
@laurenskok

Hi Luis,

Thank you for your reply.

I managed to build an access token. Nevertheless the expiration date of the access token is 27 September 1970. Did this issue occurred before?

Luís Cobucci
@lcobucci
@laurenskok sorry, I can't really help without understanding what you're doing... can you please create a gist with code you're using?
Michael Glenn
@TheGlenn88_gitlab
hi anyone still here?
Luís Cobucci
@lcobucci
Sure... :)
doox911
@doox911
Hi. How validate signature?
doox911
@doox911
Разобрался спасибо.
Piotr Rybałtowski
@piotrek-r
Hey! I really like this library. I work a lot with JWTs and the lib is very helpful. I'm looking forward for the version 4. I know there's still no docs available but is there maybe some example code available? Or maybe some other library/project on github that already uses it and I could see how they use it? If not creating tokes, maybe just the verification part. Thanks!
Taner
@taneraruk_gitlab
Hi, I try to use jwt authentication, how can I avoid authentication for specific rest endpoints? I added @Secured("isAnonymous()") and Secured(SecurityRule.IS_ANONYMOUS) but i did not work. Where I am wrong? any idea?
Milos Novicevic
@milosnovi
hey there

@lcobucci use Lcobucci\JWT\Builder;

$token = (new Builder())->setIssuer('http://example.com') // Configures the issuer (iss claim)
->setAudience('http://example.org') // Configures the audience (aud claim)
->setId('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
->setIssuedAt(time()) // Configures the time that the token was issued (iat claim)
->setNotBefore(time() + 60) // Configures the time that the token can be used (nbf claim)
->setExpiration(time() + 3600) // Configures the expiration time of the token (exp claim)
->set('uid', 1) // Configures a new claim, called "uid"
->getToken(); // Retrieves the generated token

After i run this code and get token i paste this token here https://jwt.io/ debugger and i got the error " Invalid Signature"

After i keep debugging I got the error that my jwt needs to have 2 dots
although i generate one with Builder()
Do you have idea what we are doing wrong
Luís Cobucci
@lcobucci
Hey everyone, I'm terribly sorry about my delay to get back to you.
@piotrek-r I'm actually working on that right now :)
@taneraruk_gitlab sorry but that seems to be another library, this one does't have any annotation
@milosnovi you probably already solved this but you're not signing your token. Check https://github.com/lcobucci/jwt/blob/3.2/README.md#token-signature or https://github.com/lcobucci/jwt/blob/3.3/README.md#token-signature (in case you already migrated to v3.3)
flihub
@flihub
anyone here?
Luís Cobucci
@lcobucci
Yeap...
@flihub there's a delay, but we're here :smile:
flihub
@flihub
still:?
flihub
@flihub
i wrote to github. please answer. thank u:
Alek Salazar
@PenguinTamer
Greetings!
Anyone online and willing to help me w/ a weird error?
"message": "It was not possible to parse your key, reason: error:0909006C:PEM routines:get_name:no start line",
Luís Cobucci
@lcobucci
@PenguinTamer hey, glad to see you found the error on #310 and mentioned the resolution. Thanks :)
Alek Salazar
@PenguinTamer
@lcobucci Thank you! And i really like your library. Makes working w/ JWT easy!
Luís Cobucci
@lcobucci
It's really good to hear that, thanks!