How does JWT work?
Published at: 6/27/2023
Categories: development, jwt, security, beginners
Author: Automata
Simply put, a JWT (JSON Web Token) is a token in JSON format used on the web.
A JWT is composed of three parts: Header, Payload and Signature.
The structure looks like this: xxxxx.yyyyy.zzzzz
# Example:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header: Contains information about the algorithm and the token type.
{
"alg": "HS256",
"typ": "JWT"
}
Payload: Contains the data that you would like to send.
{
"sub": "1234567890",
"name": "John Doe",
"admin": true
}
Signature: Finally, the signature is created from the encoded Header, the encoded Payload and the SECRET. The SECRET must be shared between the issuer and the receiver.
HMACSHA256(
base64UrlEncode(header) + "." + base64UrlEncode(payload),
secret
)
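The signature formula above, written out by hand in PHP as an added example (not code from the original article or from firebase/php-jwt). The function names and the demo secret are constructed for illustration; in an application, let the library do this work.

```php
<?php
// Added illustration: HS256 signing and verification by hand (hypothetical helper names).
function base64UrlEncode(string $data): string {
    // Base64URL: standard Base64 with "+/" replaced by "-_" and "=" padding removed
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
function base64UrlDecode(string $data) {
    return base64_decode(strtr($data, '-_', '+/'), true); // false on invalid input
}
function signHs256(array $payload, string $secret): string {
    $header = ['alg' => 'HS256', 'typ' => 'JWT'];
    // Header and payload are only encoded, not encrypted: anyone can read them
    $signingInput = base64UrlEncode(json_encode($header)) . '.' . base64UrlEncode(json_encode($payload));
    $signature = hash_hmac('sha256', $signingInput, $secret, true); // raw bytes
    return $signingInput . '.' . base64UrlEncode($signature);
}
function verifyHs256(string $jwt, string $secret): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode((string) base64UrlDecode($h), true);
    // Pin the algorithm: the token's own header must not choose how it is verified
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $expected = hash_hmac('sha256', $h . '.' . $p, $secret, true);
    $given = base64UrlDecode($s);
    // hash_equals compares in constant time, so the check leaks no timing information
    if ($given === false || !hash_equals($expected, $given)) {
        return null;
    }
    $claims = json_decode((string) base64UrlDecode($p), true);
    // Reject malformed payloads and expired tokens
    if (!is_array($claims) || (isset($claims['exp']) && $claims['exp'] < time())) {
        return null;
    }
    return $claims;
}

$secret = 'constructed-demo-secret-0123456789abcdef'; // constructed sample value
$jwt = signHs256(['sub' => '1234567890', 'admin' => false, 'exp' => time() + 3600], $secret);
var_dump(verifyHs256($jwt, $secret) !== null); // untouched token verifies
// Changing the payload while keeping the old signature must fail verification
[$h, , $s] = explode('.', $jwt);
$altered = $h . '.' . base64UrlEncode(json_encode(['sub' => '1234567890', 'admin' => true])) . '.' . $s;
var_dump(verifyHs256($altered, $secret) === null); // altered token is rejected
```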
Libraries: firebase/php-jwt
composer require firebase/php-jwt
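<?php
require_once 'vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Generate a JWT
// Demo value only: use a long, random secret in a real application
$secret = "my_secret";
$payload = array(
    "sub" => "1234567890",
    "name" => "John Doe",
    "admin" => true,
    "iat" => time(),
    "exp" => time() + (60 * 60) // JWT valid for 1 hour
);
// firebase/php-jwt v6 requires the algorithm as the third argument
$jwt = JWT::encode($payload, $secret, 'HS256');
echo "JWT generated: " . $jwt . "\n\n";

// Verify a JWT
try {
    // Use the same secret that signed the token; the Key object pins
    // the accepted algorithm to HS256 (firebase/php-jwt v6 API)
    $decoded = JWT::decode($jwt, new Key($secret, 'HS256'));
    echo "JWT verified:\n";
    print_r($decoded);
} catch (Exception $e) {
    // Thrown for a bad signature, an expired token or a malformed JWT
    echo "Error verifying el JWT: " . $e->getMessage();
}
?>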