在这里,我有一些苗条的PHP代码可以登录,并且可以检查它是否对存储在标头中的JWT进行解码。
$app->post('/login', function ($request, $response) {
$input = $request->getParsedBody();
$settings = $this->get('settings'); // get settings array.
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify user id
if(!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'],$user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
$payload = array(
"iat" => time(),
"exp" => time() + 36000,
// "id" => $input['id']
"context" => [
"user" => [
"id" => $input['id']
]
]
);
try {
$token = JWT::encode($payload, $settings['jwt']['secret'],"HS256"); // $token store the token of the user
} catch (Exception $e) {
echo json_encode($e);
}
return $this->response->withJson($payload,200)
->withHeader('Content-type', 'application/json;charset=utf-8', 200)
->withAddedHeader('Authorization', $token);
});
$app->get('/get', function ($request, $response) {
$jwt = $request->getHeader("Authorization");
$settings = $this->get('settings');
$token = JWT::decode($jwt, $settings['jwt']['secret'], "HS256"); // $token store the token of the user
if ($token) {
return $this->response->withJson($token, 200)
->withHeader('Content-type', 'application/json;charset=utf-8', 200);
}
return $this->response->withJson($token,401)
->withHeader('Content-type', 'application/json;charset=utf-8', 401);
});
但是当我尝试运行http://localhost:8080/get时,它将返回错误
传递给Firebase \ JWT \ JWT :: decode()的参数3必须为数组类型。
为什么会发生,我该如何解决?
答案 0 :(得分:0)
答案 1 :(得分:0)
如果我在同一函数中解码,则返回已解码的JWT,但如果我在其他函数中解码,则返回错误。如何将jwt传递给其他功能?
$app->post('/login', function ($request, $response) {
$key = "supersecretkeyyoushouldnotcommittogithub";
$input = $request->getParsedBody();
$settings = $this->get('settings'); // get settings array.
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify user id
if(!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'],$user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
$payload = array(
"iat" => time(),
"exp" => time() + 36000,
// "id" => $input['id']
"context" => [
"user" => [
"id" => $input['id']
]
]
);
try {
$token = JWT::encode($payload, $key); // $token store the token of the user
} catch (Exception $e) {
echo json_encode($e);
}
// return $this->response->withJson($payload,200)
// ->withHeader('Content-type', 'application/json;charset=utf-8', 200)
// ->withHeader('Authorization', $token);
$decoded = JWT::decode($token, $key, array('HS256'));
print_r($decoded);
});