如何在PHP中验证JWT签名?
我有一个生成JWT的函数:
function getToken($user, $expTime){
$jwt = \Firebase\JWT\JWT::encode([
'iss' => request()->getBaseUrl(),
'sub' => "{$user['id']}",
'exp' => $expTime,
'iat' => time(),
'nbf' => time(),
'is_admin' => $user['role_id'] == 1
], getenv("SECRET_KEY"), 'HS256');
return $jwt;
}此函数返回以下标记:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJcL2FwaSIsInN1YiI6InVzNWIzY2M4YmRlMDc4MSIsImV4cCI6NTUxMDY1ODkyNDAwMCwiaWF0IjoxNTMwNzM4NTkwLCJuYmYiOjE1MzA3Mzg1OTAsImlzX2FkbWluIjpmYWxzZX0.3bMaxCaMprURZEDurnckZWSoDRp7ePMxZXDW0B6q6fk
当我使用这个令牌发出一个请求时,我得到的是:
{
"status": "error",
"message": "Signature verification failed"
}为了让它工作,我转到https://jwt.io/,添加密钥,并通过传递密钥来验证它。
然后我得到这个令牌:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiIvYXBpIiwic3ViIjoidXM1YjNjYzhiZGUwNzgxIiwiZXhwIjo1NTEwNjU4OTI0MDAwLCJpYXQiOjE1MzA3Mzg1OTAsIm5iZiI6MTUzMDczODU5MCwiaXNfYWRtaW4iOmZhbHNlfQ.heF_L9LrFp7Hht2dbVtOMx_gdUtmPKzrMgxW1_jdWLo
这个可以很好的工作。但是如何用php代码验证它,这样我才能把它发送给用户?
响应代码:
function loginUser($email, $password) {
try {
// Connecting to databas
$db = new db();
$db = $db->connect();
$user = findUserByEmail($email, $db);
if(empty($user)){
echo 'User not found';
exit;
}
if(!password_verify($password, $user['password'])) {
echo 'Password does not match';
exit;
}
$expTime = time() * 3600;
$jwt = getToken($user, $expTime);
// Close databse
$db = null;
} catch(PDOException $e){
echo $e->getMessage();
}
return $jwt;
}回答 2
Stack Overflow用户
发布于 2020-11-22 04:40:08
如果你登陆这个页面是因为“签名验证失败”的谷歌搜索,这里有一件事需要考虑。我收到这个错误是因为Authorization头中的"Bearer“和my token之间有两个空格。
错误:
Authorization:Bearer eyJraWQiOiJDT2N...正确:
Authorization:Bearer eyJraWQiOiJDT2N...Stack Overflow用户
发布于 2018-07-05 06:03:36
最后,我对生成令牌的函数做了一点修改,使其正常工作:
function getToken($user, $expTime){
$key = "secretkey";
$token = array(
'iss' => request()->getBaseUrl(),
'sub' => "{$user['id']}",
'exp' => $expTime,
'iat' => time(),
'nbf' => time(),
'is_admin' => $user['role_id'] == 1
);
return JWT::encode($token, $key);
}https://stackoverflow.com/questions/51180852
复制相似问题