PHP JWT无效签名
鉴于此代码:PHP JWT无效签名,php,jwt,encode,signature,Php,Jwt,Encode,Signature,鉴于此代码: function base64url_encode($data) { return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); } $key = 'secret'; //setting the header: 'alg' => 'HS256' indicates that this token is signed using HMAC-SHA256 $header = array( 'alg'
function base64url_encode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
$key = 'secret';
//setting the header: 'alg' => 'HS256' indicates that this token is signed using HMAC-SHA256
$header = array(
'alg' => 'HS256',
'typ' => 'JWT'
);
// Returns the JSON representation of the header
$header = json_encode($header);
//encodes the $header with base64.
$header = base64url_encode($header);
$payload = array("a" => "b");
$payload = json_encode($payload);
$payload = base64url_encode($payload);
$signature = hash_hmac('SHA256','$header.$payload', $key, true);
$signature = base64url_encode($signature);
echo "$header.$payload.$signature";
返回以下JWT:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.rhCKIvkwiuNcchxDZnGak8XT1q8lmLhnm8aIxzUioWg
但该签名未经验证
有效载荷被很好地解密了。。。可能有什么问题?在计算HMAC时,在
$header.payload
周围使用单引号,而不是双引号;前者使用文本字符串,不展开变量:
$signature = hash_hmac('SHA256', "$header.$payload", $key, true);
哇,太快了!谢谢,就这样!基本的PHP知识我猜,但我来自JS:(