This is the class i used for JWT encode.
Also i copied jwt code and paste to jwt.io for check payload data. On that site its decoded like this.
{"exp":1592923080,"user_id":"49354541","role":"external"}"
so it’ll be about base64 encode/decode. Going to check that.
public static function encode($payload, $key, $alg = ‘HS256’, $keyId = null, $head = null)
{
$header = array(‘typ’ => ‘JWT’, ‘alg’ => $alg);if ($keyId !== null) { $header['kid'] = $keyId; } if ( isset($head) && is_array($head) ) { $header = array_merge($head, $header); } $segments = array(); $segments[] = static::urlsafeB64Encode(static::jsonEncode($header)); $segments[] = static::urlsafeB64Encode(static::jsonEncode($payload)); $signing_input = implode('.', $segments); $signature = static::sign($signing_input, $key, $alg); $segments[] = static::urlsafeB64Encode($signature); return implode('.', $segments); }
public static function sign($msg, $key, $alg = 'HS256') { if (empty(static::$supported_algs[$alg])) { throw new Exception('Algorithm not supported'); } list($function, $algorithm) = static::$supported_algs[$alg]; switch($function) { case 'hash_hmac': return hash_hmac($algorithm, $msg, $key, true); case 'openssl': $signature = ''; $success = openssl_sign($msg, $signature, $key, $algorithm); if (!$success) { throw new Exception("OpenSSL unable to sign data"); } else { return $signature; } } }