SefaTunçkanat

Reputation: 45

JWT signature verification failed, Java to PHP

First, I'll share the code with you:

PHP code: http://pastebin.com/b8TNfyzq (line 22)

JwtTester.java: http://pastebin.com/TsF0wsCX (line 22)

The token created by the Java code I wrote does not match the token on the PHP server. I cannot verify it, even though the key is the same on both sides.

I'm using github.com/jwtk/jjwt in the Java code and github.com/firebase/php-jwt in the PHP code.

With the same key and data as in the Java code, a different token is produced when I create the token in PHP alone.

Upvotes: 0

Views: 2455

Answers (2)

Arif

Reputation: 25

For people still facing this issue: if you are creating the JWT from Java, add the "typ" header to it, which is checked by PHP-jwt. Also, jjwt encodes the key to Base64, so from Java:

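import io.jsonwebtoken.*;
import io.jsonwebtoken.impl.TextCodec;
import java.util.*;

String jwtSecret = "yoursecret";
// expiryDate is not defined in the original snippet; one hour from now is an assumed value.
Date expiryDate = new Date(System.currentTimeMillis() + 3600_000L);

// Set the "typ" header explicitly.
Map<String, Object> header = new HashMap<>();
header.put("typ", Header.JWT_TYPE);

// Base64-encode the plain secret before passing it to signWith.
String jwt = Jwts.builder()
        .setHeader(header)
        .setSubject("someclaim")
        .setIssuedAt(new Date())
        .setExpiration(expiryDate)
        .signWith(SignatureAlgorithm.HS512, TextCodec.BASE64.encode(jwtSecret))
        .compact();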

In PHP:

use Firebase\JWT\JWT;
define('SECRET', 'yoursecret');
// Verify with the plain secret and accept only HS512.
$decoded = (array) JWT::decode($jwt, SECRET, array('HS512'));

Also, it doesn't seem to decode correctly if the secret contains special characters.

Upvotes: 1

pedrofb

Reputation: 39251

It is a format conversion issue. jjwt requires a key encoded in Base64, and php-jwt uses a plain string.

Jjwt JwtBuilder

JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey);

Php-jwt JWT

/**
 * Decodes a JWT string into a PHP object.
 *
 * @param string        $jwt            The JWT
 * @param string|array  $key            The key, or map of keys.
 *                                      If the algorithm used is asymmetric, this is the public key
 */
public static function decode($jwt, $key, $allowed_algs = array())

Encode your key in Base64 before invoking JwtBuilder.signWith:

builder.signWith(SignatureAlgorithm.HS256,
        DatatypeConverter.printBase64Binary(key));

Upvotes: 0
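
The key mismatch described in both answers, reproduced at the byte level as an added example (not code from the question, the answers, or either library). It uses only the Python standard library; `key_from_base64_string` and `key_from_plain_string` are hypothetical helpers that model how the answers say jjwt's `signWith(alg, String)` and php-jwt's `$key` interpret the secret, and the claims are constructed.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def sign_hs512(claims: dict, key: bytes) -> str:
    """Build a compact HS512 JWT from claims and raw key bytes."""
    header = {"typ": "JWT", "alg": "HS512"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha512).digest()
    return signing_input + "." + b64url(mac)

def verify_hs512(token: str, key: bytes) -> bool:
    """Recompute the HMAC over header.payload and compare in constant time."""
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode("ascii"), hashlib.sha512).digest()
    return hmac.compare_digest(b64url(expected).encode(), sig.encode())

def key_from_base64_string(s: str) -> bytes:
    """Signer side: the string argument is Base64 text, the key is the decoded bytes."""
    return base64.b64decode(s + "=" * (-len(s) % 4))

def key_from_plain_string(s: str) -> bytes:
    """Verifier side: the key is the string's own bytes."""
    return s.encode("utf-8")

def demo(secret: str = "yoursecret"):
    claims = {"sub": "someclaim"}  # constructed sample claims
    # Mismatch: the same plain secret is handed to both sides unchanged.
    bad = sign_hs512(claims, key_from_base64_string(secret))
    # Fix from the answers: Base64-encode the secret before giving it to the signer.
    encoded = base64.b64encode(secret.encode("utf-8")).decode("ascii")
    good = sign_hs512(claims, key_from_base64_string(encoded))
    verifier_key = key_from_plain_string(secret)
    return verify_hs512(bad, verifier_key), verify_hs512(good, verifier_key)

if __name__ == "__main__":
    print(demo())  # (False, True): mismatch fails, encoded secret verifies
```
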
