3

I am trying to generate a JWT token which I will do in my Laravel project like this solution I found: https://github.com/luciferous/jwt/blob/master/JWT.php

So I have 2 questions I am trying to wrap my head around:

In my Next.js React project, I would set the JWT in a cookie to remember it. Is that right? And then I can pass it with every request to the server to verify the user.

How could I decode it then in Next.js? So that I could get some basic info out of it like a username.

strangeQuirks
  • You encode your JWT using a key, so you would need that key to be able to decode your JWT (This would be done on the server side, as I don't think it would be safe to pass it along to the client). – ZombieTfk Dec 19 '17 at 08:51
  • Ah okay, so I should never decode it in my React application? Then I would just have to always pass the information I need from the Laravel API? Would be nice to be able to access some data in the React application by decoding the JWT – strangeQuirks Dec 19 '17 at 08:54
  • It's certainly possible to decode on the client, but it would depend on how much you're willing to trust them. – ZombieTfk Dec 19 '17 at 08:56
  • Try https://stackoverflow.com/questions/38552003/how-to-decode-jwt-token-in-javascript – Nigel Ren Dec 19 '17 at 08:56

2 Answers

3

For JWT decoding in JavaScript you could use Auth0's JWT decode library (https://github.com/auth0/jwt-decode), which makes it simple to decode (no verification) encoded JWT tokens.

You would just read the JWT token from the set cookie and decode it like this:

var token = 'eyJ0eXAiO.../// jwt token';
var decoded = jwt_decode(token);

You can also use a simple function to decode it which would look like this:

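function parseJwt (token) {
    // The payload is the second dot-separated segment, base64url-encoded
    var base64Url = token.split('.')[1];
    // Convert base64url to base64; the /g flag replaces every occurrence, not just the first
    var base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
    // Decodes only; the signature is not verified here
    return JSON.parse(window.atob(base64));
}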

There is no problem with decoding JWT tokens directly in the React application. Just make sure that you always verify the encoded token on the server side so it can't be a JWT token modified by the user.

Marco
  • But the secret I use to encode it in PHP is needed, right? Plus the algorithm? – strangeQuirks Dec 19 '17 at 09:07
  • @user1009698 No, the secret is not needed. It is only needed for verifying the token, but not for just accessing the data stored in the JWT token, which is a JSON object encoded with Base64 – Marco Dec 19 '17 at 09:14
  • I'm trying the same, it seems it's decoding just fine however I'm getting a different object than what I'd prep as my payload in my server side, any additional things I need to do? – Luis Deras May 01 '20 at 21:46
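
Added example, not part of the original answers: a Node.js sketch of the difference the thread keeps returning to, decoding a payload without the key versus verifying the HS256 signature with it. The function names, the sample secret and the sample tokens are constructed for illustration; `signHS256` stands in for the token issuing done by the Laravel API.

```javascript
// Added example (Node.js). All names and the sample secret are constructed.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Issue an HS256 token (stand-in for what the API server does).
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Client-style decode: no key, no signature check. Suitable for display only.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Server-style verification: pin the algorithm, recompute the MAC,
// compare in constant time, and only then trust the payload.
function verifyHS256(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header;
  try { header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8')); }
  catch { return null; }
  if (!header || header.alg !== 'HS256') return null; // do not let the token pick the algorithm
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return decodePayload(token);
}

// Constructed sample: a valid token, then the same token with an edited payload.
const SECRET = 'constructed-demo-secret';
const token = signHS256({ username: 'alice', admin: false }, SECRET);
const [h, , s] = token.split('.');
const edited = `${h}.${b64url(JSON.stringify({ username: 'alice', admin: true }))}.${s}`;

console.log(decodePayload(edited));       // decodes fine, which proves nothing
console.log(verifyHS256(edited, SECRET)); // null: signature no longer matches
console.log(verifyHS256(token, SECRET));  // the verified payload
```

This block checks only the algorithm and the signature; expiry (`exp`) and other claim checks are left out.
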
0

You can also try this

For encoding and decoding a JWT payload in Laravel.

// Import these classes.
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Create a payload.
$payload = [
    "email" => $user->email,
    "username" => $user->username
];

// Encode the payload ('secret' is the HMAC signing key).
$token = JWT::encode($payload, 'secret', 'HS256');

// Decode $token; this also verifies the signature.
$data = JWT::decode($token, new Key('secret', 'HS256'));

Wizard