PHP JWT无效签名_Php_Jwt_Encode_Signature

PHP JWT无效签名

php jwt

PHP JWT无效签名,php,jwt,encode,signature,Php,Jwt,Encode,Signature,鉴于此代码： function base64url_encode($data) { return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); } $key = 'secret'; //setting the header: 'alg' => 'HS256' indicates that this token is signed using HMAC-SHA256 $header = array( 'alg'

鉴于此代码：

function base64url_encode($data) {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

$key = 'secret';

//setting the header: 'alg' => 'HS256' indicates that this token is signed using HMAC-SHA256
$header = array(
    'alg' => 'HS256',
    'typ' => 'JWT'
);

// Returns the JSON representation of the header
$header = json_encode($header); 

//encodes the $header with base64.  
$header = base64url_encode($header);

$payload = array("a" => "b");

$payload = json_encode($payload);       
$payload = base64url_encode($payload);

$signature = hash_hmac('SHA256','$header.$payload', $key, true);
$signature = base64url_encode($signature); 

echo "$header.$payload.$signature";

返回以下JWT：

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.rhCKIvkwiuNcchxDZnGak8XT1q8lmLhnm8aIxzUioWg

但该签名未经验证

有效载荷被很好地解密了。。。可能有什么问题？

在计算HMAC时，在

$header.payload

周围使用单引号，而不是双引号；前者使用文本字符串，不展开变量：

$signature = hash_hmac('SHA256', "$header.$payload", $key, true);

哇，太快了！谢谢，就这样！基本的PHP知识我猜，但我来自JS：(