Hello. After making use of its classes and obtaining a token, I debugged it at https://jwt.io/ and the following registered claims are considered invalid: "iat", "nbf", "exp".
The obtained token is as follows:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAiLCJqdGkiOiIxIiwiaWF0IjoiMTYxNDE3NDY0OC43OTkzMTAiLCJuYmYiOiIxNjE0MTc0NzA4Ljc5OTMxMCIsImV4cCI6IjE2MTQxNzQ3NjguNzk5MzEwIiwidXNlcklkIjoxLCJ1c2VybmFtZSI6IkNhcmxvcyJ9.5Nbc_aTjzrmFDfuGhC707QXxicreXLRKVT42qBY_HXg
The key is 'key'.
Code:
```php
namespace App\Service\Auth\TokenProvider;

use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Validation\RequiredConstraintsViolated;

class TokenProvider
{
    public function createToken(int $userId, string $username)
    {
        $config = $this->createConfiguration();
        $now = new \DateTimeImmutable();
        $token = $config->builder()
            // Configures the issuer (iss claim)
            ->issuedBy('http://localhost:8080')
            // Configures the audience (aud claim)
            #->permittedFor('http://example.org')
            // Configures the id (jti claim)
            ->identifiedBy($userId)
            // Configures the time that the token was issued (iat claim)
            ->issuedAt($now)
            // Configures the time that the token can be used (nbf claim)
            ->canOnlyBeUsedAfter($now->modify('+1 minute'))
            // Configures the expiration time of the token (exp claim)
            #->expiresAt($now->modify('+1 hour'))
            ->expiresAt($now->modify('+2 minute'))
            // Configures a new claim, called "uid"
            ->withClaim('userId', $userId)
            ->withClaim('username', $username)
            // Configures a new header, called "foo"
            #->withHeader('foo', 'bar')
            // Builds a new token
            ->getToken($config->signer(), $config->signingKey());

        return $token;
    }

    public function validateToken(string $userToken)
    {
        $config = $this->createConfiguration();
        $token = $config->parser()
            ->parse($userToken);
        // createConfiguration() registers no constraints, so this list is empty
        $constraints = $config->validationConstraints();

        if (! $config->validator()->validate($token, ...$constraints)) {
            // Leading backslash: RuntimeException lives in the global namespace
            throw new \RuntimeException('No way!');
        }
    }

    private function createConfiguration()
    {
        $config = Configuration::forSymmetricSigner(
            // You may use any HMAC variations (256, 384, and 512)
            new Sha256(),
            // replace the value below with a key of your own!
            #InMemory::base64Encoded('YSB2ZXJ5IGxvbmcgYSB2ZXJ5IHVsdHJhIHNlY3VyZSBrZXkgZm9yIG15IGFtYXppbmcgdG9rZW5z')
            InMemory::plainText('key')
            // You may also override the JOSE encoder/decoder if needed by providing extra arguments here
        );

        return $config;
    }
}
```
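
A quick way to see what jwt.io is flagging, as an added example (not code from the issue or from lcobucci/jwt): decode the payload of the token above and check that `iat`, `nbf` and `exp` are JSON numbers, which is what RFC 7519 requires of a NumericDate. In the token above all three are JSON strings. The function names are illustrative, and the signature is deliberately not verified here.

```php
<?php
declare(strict_types=1);

// Token copied from the report above. It is only decoded here; the signature is not checked.
const REPORTED_TOKEN = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAiLCJqdGkiOiIxIiwiaWF0IjoiMTYxNDE3NDY0OC43OTkzMTAiLCJuYmYiOiIxNjE0MTc0NzA4Ljc5OTMxMCIsImV4cCI6IjE2MTQxNzQ3NjguNzk5MzEwIiwidXNlcklkIjoxLCJ1c2VybmFtZSI6IkNhcmxvcyJ9.5Nbc_aTjzrmFDfuGhC707QXxicreXLRKVT42qBY_HXg';

/** Decode the payload (second segment) of a compact JWT into an associative array. */
function decodeJwtPayload(string $jwt): array
{
    $segments = explode('.', $jwt);
    if (count($segments) !== 3) {
        throw new InvalidArgumentException('Expected three dot-separated segments.');
    }
    // base64url to base64, restoring the padding that JWTs omit.
    $b64 = strtr($segments[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    if ($json === false) {
        throw new InvalidArgumentException('Payload is not valid base64url.');
    }
    $claims = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('Payload is not a JSON object.');
    }
    return $claims;
}

/** Map each present iat/nbf/exp claim that is not a JSON number to a description of its value. */
function findNonNumericDateClaims(array $claims): array
{
    $problems = [];
    foreach (['iat', 'nbf', 'exp'] as $name) {
        if (!array_key_exists($name, $claims)) {
            continue; // All three claims are optional.
        }
        $value = $claims[$name];
        if (!is_int($value) && !is_float($value)) {
            $problems[$name] = gettype($value) . ' ' . var_export($value, true);
        }
    }
    return $problems;
}

foreach (findNonNumericDateClaims(decodeJwtPayload(REPORTED_TOKEN)) as $name => $problem) {
    echo "{$name} is not a NumericDate: {$problem}", PHP_EOL;
}
```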