I am looking to know why we subtract the first 7 token characters during authentication, as in:
substr($_SERVER["HTTP_AUTHORIZATION"],7)
See this example: Best HTTP Authorization header type for JWT
The HTTP header looks like this (on one line):
Authorization: Bearer eyJhbGciOiJIUzI1NiIXVCJ9...TJVA95OrM7E20RMHrHDcEfxjoYZgeFONFh7HgQ
So you need to remove the "Bearer " part, which is 7 characters long plus one for the space, but since in most languages things are indexed starting at 0, in the above string the token starts at position 7.
See https://jwt.io/introduction/ for more explanations on the header content.
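The fixed offset in substr(..., 7) only gives the token when the header really starts with "Bearer " followed by the token. The following is an added example, not code from the question or the answer: extractBearerToken() is a hypothetical helper that checks the scheme before returning anything, and the header values are constructed samples.

```php
<?php
// Added example: extractBearerToken() is a hypothetical helper, not from the post.
declare(strict_types=1);

/**
 * Return the token from an Authorization header value, or null when the
 * header is absent or is not a well-formed "Bearer <token>" credential.
 */
function extractBearerToken(?string $header): ?string
{
    if ($header === null) {
        return null; // header not present on the request
    }
    // Scheme names are case-insensitive; the token alphabet follows the
    // b64token rule of RFC 6750 (letters, digits, - . _ ~ + / and trailing =).
    $pattern = '#^Bearer +([A-Za-z0-9\-._~+/]+=*)\z#i';
    if (preg_match($pattern, trim($header), $m) !== 1) {
        return null;
    }
    return $m[1];
}

// Constructed sample header values (not real tokens or credentials).
$samples = [
    'Bearer aaa.bbb.ccc',   // the case the answer describes
    'bearer aaa.bbb.ccc',   // lowercase scheme, still valid
    'Basic dXNlcjpwYXNz',   // other scheme: a fixed offset cuts into its credentials
    'Bearer',               // scheme with no token
    '',                     // empty header value
];

foreach ($samples as $header) {
    $naive   = substr($header, 7);          // what the snippet in the question does
    $checked = extractBearerToken($header); // null unless it is a Bearer token
    printf(
        "%-22s naive=%-16s checked=%s\n",
        var_export($header, true),
        var_export($naive, true),
        var_export($checked, true)
    );
}
```

In a request handler, pass $_SERVER['HTTP_AUTHORIZATION'] ?? null and answer 401 when the result is null. Extraction is not validation: the returned string still has to go through JWT signature and claim verification.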