php - 我无法使用 jwt 验证用户
问题描述
我正在尝试使用 Jwt 进行身份验证。找了很多关于Jwt的例子,但是有一个地方我不明白。我可以使用库轻松生成令牌,但我无法验证这里是我使用的库
composer require firebase/php-jwt
我正在创建一个令牌
// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
exit(0);
}
require_once('vendor/autoload.php');
use \Firebase\JWT\JWT;
define('SECRET_KEY','Super-Secret-Key');
define('ALGORITHM','HS256');
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
$action = $_GET['action'];
登录.php
if ($action == 'login') {
$email = 'freaky@jolly.com';
$password = '12345678';
if($email == "freaky@jolly.com" && $password == "12345678"){
$iat = time(); // time of token issued at
$nbf = $iat + 10; //not before in seconds
$exp = $iat + 60; // expire time of token in seconds
$token = array(
"iss" => "http://example.org",
"aud" => "http://example.com",
"iat" => $iat,
"nbf" => $nbf,
"exp" => $exp,
"data" => array(
"id" => 11,
"email" => $email
)
);
http_response_code(200);
$jwt = JWT::encode($token, SECRET_KEY);
$data_insert=array(
'access_token' => $jwt,
'id' => '007',
'name' => 'Jolly',
'time' => time(),
'username' => 'FreakyJolly',
'email' => 'contact@freakyjolly.com',
'status' => "success",
'message' => "Successfully Logged In"
);
}else{
$data_insert=array(
"data" => "0",
"status" => "invalid",
"message" => "Invalid Request"
);
}
} else if($action == 'stuff'){
if (! isset($_SERVER['argv'][1])) {
exit('Please provide a key to verify');
}
$jwt = $_SERVER['argv'][1];
try {
$decoded = JWT::decode($jwt, SECRET_KEY, array(ALGORITHM));
print_r($decoded);
}catch (Exception $e){
http_response_code(401);
$data_insert=array(
//"data" => $data_from_server,
"jwt" => $jwt,
"status" => "error",
"message" => $e->getMessage()
);
}
}
echo json_encode($data_insert);
创建令牌:http ://www.ismailcakir.com/jwt/test2.php?action=login
{"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9leGFtcGxlLm9yZyIsImF1ZCI6Imh0dHA6XC9cL2V4YW1wbGUuY29tIiwiaWF0IjoxNTg2NDM4NTg4LCJuYmYiOjE1ODY0Mzg1OTgsImV4cCI6MTU4NjQzODY0OCwiZGF0YSI6eyJpZCI6MTEsImVtYWlsIjoiZnJlYWt5QGpvbGx5LmNvbSJ9fQ.NylRpDkb4cLMxMGAg9ovmLerNf0dLPBHegqmPRDRxlE","id":"007","name":"Jolly","time":1586438588,"username":"FreakyJolly","email":"contact@freakyjolly.com","status":"success","message":"Successfully Logged In"}
东西:http ://www.ismailcakir.com/jwt/test2.php?action=stuff
在这里,我收到 argv 变量未定义的警告,我无法调用您创建的令牌。创建令牌后,我需要能够在不使用 cookie 或会话的情况下调用它。我尝试了很多方法,但我无法理解如何服用。
解决方案
根据文档:
注意:当 register_argc_argv 被禁用时,此变量不可用。
最有可能是你的情况。您可以在配置中启用它,或者使用$_SERVER
我推荐的 superglobal,因为它不受配置差异的影响并且始终有效(包括 CLI):
$jwt = $_SERVER['argv'][1];
对$argc
.
推荐阅读
- c - 为什么我可以释放结构的一部分它释放所有结构
- c - 我写的 Bcrypt 实现返回正确的成本和盐,但加密的消息不正确
- azure - Dynamics 365 和 Azure 事件中心集成
- python - Python:如何通过被另一个字符串列表分割的子字符串创建一个列表?
- sql - 展平/统一表行,其中条件与 ABAP 或 SQL 匹配数组
- webpack - 无法处理堆栈输出:require(...)[func] 不是函数
- javascript - 在 Blazor 服务器应用程序中使用 Canvas 并在加载时运行函数
- javascript - 为什么这没有在表单上显示电子邮件?
- c - C 中的 Fizzbuzz 访问磁盘
- javascript - 删除所有非数字而不创建新数组