Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP - JWT get token wrong number of segments

I need consume a API using JWT, for this, I'm build a API client from PHP with using Guzzle and Firebase PHP-JWT

The documentation of API say: Prepare and post a JWT for authorization.

Endpoint URL:

https://api.example.com/auth

The JWT has three components, the header, the payload and the signature.

Header: { "alg": "HS256", "typ": "JWT" }
Payload: { "clientId": "YOUR_CLIENT_ID","requestTime": "Y-m-d H:i:s" } (requestTime in GMT)
Signature: HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), YOUR_CLIENT_SECRET )

The code to get token is the follow:

<?php

use \Firebase\JWT\JWT;

class Client 
{
    ...
    private function getAuthToken() 
    {
        $requestTime = date('Y-m-d H:i:s T', time());
        $payload = [
            'clientId' => 'A1b2C3d4E5',
            'requestTime' => $requestTime
        ];

        $key = '9z8Y7x6w5V4';
        $alg = 'HS256';
        $token = JWT::encode($payload, $key, $alg);

        $client = new \GuzzleHttp\Client;
        $headers = ['content_type' => 'application/x-www-form-urlencoded'];
        $response = $client->request('POST', 'https://api.example.com/auth', $headers, $token);
        $body = $response->getBody();
        $data = \json_decode($body->getContents());
    }
    ...
}

If print $data I get

stdClass Object
    (
        [success] => false
        [data] => Wrong number of segments 
    )

My problem: I do not know why this error is due and if I am sending the request in some incorrect way.

I'm a newbie consuming API resource with JWT and I guess I'm building the wrong way something. I have some values of static way only to test purpose.

like image 952
Ale Avatar asked Feb 24 '19 20:02

Ale


People also ask

What is a JWT token?

However, if you look more closely, there are three separate strings. The first string is the JWT header. It’s a Base64, URL-encoded JSON string. It specifies which cryptographic algorithm was used to generate the signature, and the token’s type, which is always set to JWT. The algorithm can be either symmetric or asymmetric.

What are JWTs and how to use them with PHP?

And in yet more recent times, JWTs, or JSON Web Tokens, have been increasingly used as another way to authenticate requests to a server. In this article, you’ll learn what JWTs are and how to use them with PHP to make authenticated user requests.

How does PHP detect if a token is valid?

For each request received by our application, PHP will attempt to extract the token from the Bearer header. If it’s present, it’s then validated. If it’s valid, the user will see the normal response for that request.

How does the server determine if the token should be given?

The server can inspect the token and determine if access should be given to the “bearer” of the token. Here’s an example of the header: For each request received by our application, PHP will attempt to extract the token from the Bearer header.


1 Answers

My mistake was in how I sent the token, since I had to send it in the body of the request in the following way:

....
$client = new \GuzzleHttp\Client;
$headers = [
    'content_type' => 'application/x-www-form-urlencoded',
    'body' => $token
];
$response = $client->request('POST', 'https://api.example.com/auth', $headers);
....

With this I get the correct response from the API.

like image 72
Ale Avatar answered Oct 31 '22 20:10

Ale