
I have tried to implement JWT in my code for authentication. It seems to work fine for some time, and then it fails and returns null. I am unable to figure out what is returning the null.

JWT Files included

```php
include_once("includes/jwt/BeforeValidException.php");
include_once("includes/jwt/ExpiredException.php");
include_once("includes/jwt/JWK.php");
include_once("includes/jwt/JWT.php");
include_once("includes/jwt/SignatureInvalidException.php");
```

Headers

```php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
```

Getting Data

```php
$data = (object) json_decode(file_get_contents("php://input"));
```

Functions to get JWT from Header

```php
function getAuthorizationHeader() {
    $headers = null;
    if (isset($_SERVER['Authorization'])) {
        $headers = trim($_SERVER["Authorization"]);
    }
    else if (isset($_SERVER['HTTP_AUTHORIZATION'])) { //Nginx or fast CGI
        $headers = trim($_SERVER["HTTP_AUTHORIZATION"]);
    } elseif (function_exists('apache_request_headers')) {
        $requestHeaders = apache_request_headers();
        $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
        if (isset($requestHeaders['Authorization'])) {
            $headers = trim($requestHeaders['Authorization']);
        }
    }
    return $headers;
}
function getBearerToken() {
    global $message;
    $headers = getAuthorizationHeader();
    $message .= $headers;
    if (!empty($headers)) {
        if (preg_match('/Bearer\s(\S+)/', $headers, $matches)) {
            return $matches[1];
        }
    }
    return null;
}
$jwt = getBearerToken();
```

Code

```php
if ($jwt) {
    try {
        echo json_encode(array("message" => "all good"));
    } catch (Exception $e) {
        echo json_encode(array("message" => "token-error"));
    }
} else {
    echo json_encode(array("message" => "no jwt"));
}
```

It keeps on saying all good for a few minutes. And all of a sudden it returns null. Not sure what I need to capture in order to know what has returned this null.

JWT Creation

```php
$issuedat_claim = time(); // issued at
$notbefore_claim = $issuedat_claim; //not before in seconds
$expire_claim = $issuedat_claim + 3600; // expire time in seconds
$token = array(
    "iss" => $issuer_claim,
    "aud" => $audience_claim,
    "iat" => $issuedat_claim,
    "nbf" => $notbefore_claim,
    "exp" => $expire_claim,
    "data" => array(
        "email" => $email
    )
);
$jwt = JWT::encode($token, $secret_key);
echo json_encode(
    array(
        "status" => "ok",
        "jwt" => $jwt,
        "email" => $email,
        "expireAt" => $expire_claim,
        "firstname" => $firstname,
        "lastname" => $lastname,
        "userlevel" => $userlevel
    )
);
```

In order to debug, I went to the Network tab to see what is being sent and if the JWT token was missing. And it is there. I am not sure if the JWT login expires after 5 minutes for some reason, I don't know, but even if the token has expired it should go to the catch area. What am I doing wrong?

halfer
Saad Bashir
  • Add tons of `echo __FILE__ . '@' . __LINE__; var_dump();` or use xDebugger. From your code it seems like `getAuthorizationHeader` returns empty string or NULL. – Justinas May 31 '23 at 13:02

0 Answers
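An added example, not the asker's code and not the JWT library's: a check that returns a distinct reason for each stage at which a bearer token can be rejected (header absent, wrong format, bad signature, `nbf`, `exp`), so no failure path is left without a message. The names `check_bearer`, `b64url_decode` and `b64url_encode`, the secret and the sample token are assumptions made for illustration, and the HS256 verification is written with PHP built-ins as a stand-in for the library's decode call.

```php
<?php
// Added example: report which stage of bearer-token handling rejected the request.
// Hypothetical helpers; HS256 verified with PHP built-ins, not the JWT library.
function b64url_decode(string $s) {
    $s = str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    return base64_decode(strtr($s, '-_', '+/'), true); // false on invalid input
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns 'ok' or the name of the first check that failed.
function check_bearer(?string $header, string $secret, int $now): string {
    if ($header === null || trim($header) === '') return 'no-authorization-header';
    if (!preg_match('/^Bearer\s+(\S+)$/i', trim($header), $m)) return 'not-a-bearer-header';
    $parts = explode('.', $m[1]);
    if (count($parts) !== 3) return 'malformed-token';
    [$h64, $p64, $s64] = $parts;
    $head   = json_decode((string) b64url_decode($h64), true);
    $claims = json_decode((string) b64url_decode($p64), true);
    if (!is_array($head) || !is_array($claims)) return 'malformed-token';
    if (($head['alg'] ?? '') !== 'HS256') return 'unexpected-alg';
    // Signature covers "header.payload"; compare in constant time.
    $expected = hash_hmac('sha256', "$h64.$p64", $secret, true);
    if (!hash_equals($expected, (string) b64url_decode($s64))) return 'bad-signature';
    if (isset($claims['nbf']) && $now < $claims['nbf']) return 'not-yet-valid';
    if (!isset($claims['exp'])) return 'missing-exp';
    if ($now >= $claims['exp']) return 'expired';
    return 'ok';
}

// Constructed sample: same claim layout as the question's token, 3600 s lifetime.
$secret = 'constructed-demo-secret';
$iat = 1700000000;
$h64 = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
$p64 = b64url_encode(json_encode(['iat' => $iat, 'nbf' => $iat, 'exp' => $iat + 3600,
                                  'data' => ['email' => 'user@example.test']]));
$jwt = "$h64.$p64." . b64url_encode(hash_hmac('sha256', "$h64.$p64", $secret, true));

foreach ([
    'valid'          => ["Bearer $jwt", $iat + 60],
    'after 1 hour'   => ["Bearer $jwt", $iat + 3600],
    'header missing' => [null, $iat + 60],
    'tampered'       => ["Bearer {$jwt}x", $iat + 60],
] as $label => [$hdr, $now]) {
    echo json_encode(['case' => $label, 'message' => check_bearer($hdr, $secret, $now)]), "\n";
}
```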