'HS256', 'typ' => 'JWT' ]; $b64Header = self::jsonB64Encode ($header); $b64Payload = self::jsonB64Encode ($payload); $b64Signature = self::getSignature ($b64Header, $b64Payload, $key); return "$b64Header.$b64Payload.$b64Signature"; } /** * Validates and extracts the data from a JWT token. * * @param {Array} $token The JWT token * @param {string} $key The key used to validate the token * @return {string} The JWT validated and decoded data */ static function decode ($token, $key) { $parts = explode ('.', $token); if (count($parts) !== 3) throw new Exception ('Bad JWT token'); $b64Header = $parts[0]; $b64Payload = $parts[1]; $b64Signature = $parts[2]; $header = self::jsonB64Decode ($b64Header); $payload = self::jsonB64Decode ($b64Payload); if ($b64Signature != self::getSignature ($b64Header, $b64Payload, $key)) throw new Exception ('Bad token signature'); return $payload; } static function getSignature ($b64Header, $b64Payload, $key) { $signature = hash_hmac ('sha256', "$b64Header.$b64Payload", $key, TRUE); return self::base64UrlEncode ($signature); } static function jsonB64Encode ($data) { return self::base64UrlEncode (json_encode ($data)); } static function jsonB64Decode ($data) { return json_decode (self::base64UrlDecode ($data), TRUE); } static function base64UrlEncode ($data) { return rtrim (strtr (base64_encode ($data), '+/', '-_'), '='); } static function base64UrlDecode ($data) { $remainder = strlen ($data) % 4; $data = strtr ($data, '-_', '+/'); return base64_decode (str_pad ($data, $remainder, '=', STR_PAD_RIGHT)); } }