php-crud-api

Authentication failed for 'JWT'

Open blackmotion55 opened this issue 2 years ago • 17 comments

Hello

I try to get the Auth0 authentication to work, but I'm stuck with a 1012 code: Authentication failed for 'JWT'. I've read and tried several solutions from the doc, #670, #639... I'm still getting the same error in the vanilla.html file: just the certificate / with, without the \n / just one kid or two...

Please help me and thanks again to the community

/vanilla.html

    var authUrl = 'https://dev-w518***iff11wc6k.us.auth0.com/authorize'; // url of auth0 '/authorize' end-point
    var clientId = 'smpc49***deJiv7I7wxelO3o8IoMuY6m'; // client id as defined in auth0
    var audience = 'https://davi***81.sg-host.com/api.php/records/'; // api audience as defined in auth0
    var url = '/api.php/records/league?filter=sport_id,eq,3';

/api.php

$config = new Config([
        // 'driver' => 'mysql',
        // 'address' => 'localhost',
        // 'port' => '3306',
        'username' => 'uagpshz8ovhzf',
        'password' => '*****',
        'database' => 'dbiwqxn***ytb6',
        'middlewares' => 'cors,xsrf,sanitation,authorization,jwtAuth',
        'cors.allowedOrigins' => '*',
        'cors.allowHeaders' => 'X-Authorization',
        'jwtAuth.secrets' => 'kmjmykJW***ZQrXyY4z-4:-----BEGIN CERTIFICATE----\nMIIDHTCCAgWgAwIBAgIJWMc6cFBrTbAfMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTAeFw0yMzA2MjMwOTQ5MjZaFw0zNzAzMDEwOTQ5MjZaMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQE***ADggEPADCCAQoCggEBALAPZsPMCnfiAv5GRLxYSXdzWc5aQZRbZHLIFR4N/pj2FOBBHCbDIQrJPTAtXz6mpF2xTTBoKR7WDXEfG84N1DZ1Ef1ZFyPdjO3tvSsigiZA8IoJkcVJRiO0SChp4G9t+LAxF28hCe9A7e+vHSxkn+3UtbdJsW0D2+RRh/bnz5qjGLxA8HfyGDnsg89R/BCpsDpY64/Kem4TFbcv+VWLPonfOqiZ/VJEWU4CQ9O1n7gH3Vuiqu5XyOgTrx496C7F2FO8KIkD/kH/p0OPOZfvqkTdvDLpEHibBZFfN1LnjPrzhCJaYA2TfY6NtFhJT/nqF/cwmDKg5lebN2FKuuJVPacCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyYPLabUPtbt4eYAZO03iSP6oYPswDgYDVR0PAQH/BAQDAgKEMA0GCSqGSIb3DQEBCwUAA4IBAQB/XCoUJiG62vbrrs5iCvVh6K8egPUhmb1im6IKZ1/xCfP/DffvlUQGQehphZGpESs+1lzIf8y1yzNEErtZKIN3QZbjR78sjw1eOhjWfuwJMb7pAN8fvkq3ORnldG+vxYHtlAw3BsDrKjgPHmEKywyC+mrTUN37AV4h29UN33SrITbsPdHVzSWRS8UTWYJyEQ13hi6391Kc5QCrTUXX8vL4uz9udd1d8fAhqJUsp11qfu59YeSkBasaZYkVki2NU1IYp8nYdUvJ6okrpReVmOqE6HHsKyOn2lrHfW/8k94HwAbuVtQbESyG0MfugNU4GYcqwstNyoSBbcECi5Bdn75d\n-----END CERTIFICATE-----\n'
        
        /*
        ,LXzmXvnjX3***ekrXJhL6:-----BEGIN CERTIFICATE----\nMIIDHTCCAgWgAwIBAgIJBN5SzkdfETvIMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTAeFw0yMzA2MjMwOTQ5MjdaFw0zNzAzMDEwOTQ5MjdaMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJo5cqnJQTFxxtwSyclqpoXfjRLVXyYhEqI9TysAz2kKvAr9SFWWIRTVCl0Tun61vSKo9nA8VJCI2For1lLv/gwyd2UgVKukC3K/j2LJnakR3WOL8dEgM2DAPkQnt1pzhwKDjNkpMwHPBGeumpLr/Sxf6xIBJjOIQyX/ypnBDqnhGn1xjXWOiV***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\n-----END CERTIFICATE-----\n'
        */
        
        /*
        'jwtAuth.secrets' => '-----BEGIN CERTIFICATE-----MIIDHTCCAgWgAwIBAgIJWMc6cFBrTbAfMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTAeFw0yMzA2MjMwOTQ5MjZaFw0zNzAzMDEwOTQ5MjZaMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTCCASIwDQYJKoZ***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-----END CERTIFICATE-----'
        */
        
        /*,
        'authorization.tableHandler' => function ($operation, $tableName) {
            return $tableName != 'league';
        }*/
        
        // 'debug' => false
    ]);

blackmotion55 avatar Jun 24 '23 19:06 blackmotion55

You could debug yourself through the JwtAuthMiddleware class in the api.php, specifically the getVerifiedClaims function. Check with a debugger or debug statements the correct values of the function parameters and follow the APIs flow through the function until you reach a point where the function "fails" and returns an empty array. That should give you a clue on which specific step the token is invalid.

Dherlou avatar Jun 26 '23 06:06 Dherlou

[26-Jun-2023 12:59:52 UTC] Start of process function. [26-Jun-2023 12:59:52 UTC] Start of getAuthorizationToken function. [26-Jun-2023 12:59:52 UTC] End of getAuthorizationToken function, returning token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Imttam15a0pXQ1NlWlFyWHlZNHotNCJ9.eyJpc3MiOiJodHRwczovL2Rldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJnb29nbGUtb2F1dGgyfDExNjM5NjQ5Nzg0ODI3MDYyOTIyNiIsImF1ZCI6Imh0dHBzOi8vZGF2aWRkNDgxLnNnLWhvc3QuY29tL2FwaS5waHAvcmVjb3Jkcy8iLCJpYXQiOjE2ODc3ODQzOTAsImV4cCI6MTY4Nzc5MTU5MCwiYXpwIjoic21wYzQ5UXV6ZGVKaXY3STd3eGVsTzNvOElvTXVZNm0iLCJzY29wZSI6IiIsInBlcm1pc3Npb25zIjpbXX0.ewCD5aI6cC69zkxlW8wXclBNLyr9t02p81HGcGWnkZAalxENQdmBj61JASrteIMr46javtDPRbA7lqea10GebjQZAhBItd7gCvOekLF1_tT_kQ9e8Qp3rXW8o58FSQf8NztXJ7DgyggyT91si0DEoJI75auWz_epH0bHvT2FBKfSIub0Dvye2Zzz9T-HxdiURX39_fpPpfMN4p7na-O_xwm_sDdbIyUHtmk-wL2QpYIdh4zbo-qn0oXg-1jSgCQiWpThI3OV7asdyYQo62Gz-P44jphAZj6IAzoyCGRyzWF-VPGKkOxNYJQz_Z9yshDyC8HuyT3KIZ1iwZgjBRXRaw [26-Jun-2023 12:59:52 UTC] Start of getClaims function with token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Imttam15a0pXQ1NlWlFyWHlZNHotNCJ9.eyJpc3MiOiJodHRwczovL2Rldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJnb29nbGUtb2F1dGgyfDExNjM5NjQ5Nzg0ODI3MDYyOTIyNiIsImF1ZCI6Imh0dHBzOi8vZGF2aWRkNDgxLnNnLWhvc3QuY29tL2FwaS5waHAvcmVjb3Jkcy8iLCJpYXQiOjE2ODc3ODQzOTAsImV4cCI6MTY4Nzc5MTU5MCwiYXpwIjoic21wYzQ5UXV6ZGVKaXY3STd3eGVsTzNvOElvTXVZNm0iLCJzY29wZSI6IiIsInBlcm1pc3Npb25zIjpbXX0.ewCD5aI6cC69zkxlW8wXclBNLyr9t02p81HGcGWnkZAalxENQdmBj61JASrteIMr46javtDPRbA7lqea10GebjQZAhBItd7gCvOekLF1_tT_kQ9e8Qp3rXW8o58FSQf8NztXJ7DgyggyT91si0DEoJI75auWz_epH0bHvT2FBKfSIub0Dvye2Zzz9T-HxdiURX39_fpPpfMN4p7na-O_xwm_sDdbIyUHtmk-wL2QpYIdh4zbo-qn0oXg-1jSgCQiWpThI3OV7asdyYQo62Gz-P44jphAZj6IAzoyCGRyzWF-VPGKkOxNYJQz_Z9yshDyC8HuyT3KIZ1iwZgjBRXRaw [26-Jun-2023 12:59:52 UTC] Start of getVerifiedClaims function with token: 
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Imttam15a0pXQ1NlWlFyWHlZNHotNCJ9.eyJpc3MiOiJodHRwczovL2Rldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJnb29nbGUtb2F1dGgyfDExNjM5NjQ5Nzg0ODI3MDYyOTIyNiIsImF1ZCI6Imh0dHBzOi8vZGF2aWRkNDgxLnNnLWhvc3QuY29tL2FwaS5waHAvcmVjb3Jkcy8iLCJpYXQiOjE2ODc3ODQzOTAsImV4cCI6MTY4Nzc5MTU5MCwiYXpwIjoic21wYzQ5UXV6ZGVKaXY3STd3eGVsTzNvOElvTXVZNm0iLCJzY29wZSI6IiIsInBlcm1pc3Npb25zIjpbXX0.ewCD5aI6cC69zkxlW8wXclBNLyr9t02p81HGcGWnkZAalxENQdmBj61JASrteIMr46javtDPRbA7lqea10GebjQZAhBItd7gCvOekLF1_tT_kQ9e8Qp3rXW8o58FSQf8NztXJ7DgyggyT91si0DEoJI75auWz_epH0bHvT2FBKfSIub0Dvye2Zzz9T-HxdiURX39_fpPpfMN4p7na-O_xwm_sDdbIyUHtmk-wL2QpYIdh4zbo-qn0oXg-1jSgCQiWpThI3OV7asdyYQo62Gz-P44jphAZj6IAzoyCGRyzWF-VPGKkOxNYJQz_Z9yshDyC8HuyT3KIZ1iwZgjBRXRaw [26-Jun-2023 12:59:52 UTC] End of getClaims function, returning verified claims: []

blackmotion55 avatar Jun 26 '23 13:06 blackmotion55

There seems to be an error while launching the private function getClaims(string $token): array. I try to debug more here.

blackmotion55 avatar Jun 26 '23 13:06 blackmotion55

[26-Jun-2023 13:04:02 UTC] Start of getClaims function with token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Imttam15a0pXQ1NlWlFyWHlZNHotNCJ9.eyJpc3MiOiJodHRwczovL2Rldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJnb29nbGUtb2F1dGgyfDExNjM5NjQ5Nzg0ODI3MDYyOTIyNiIsImF1ZCI6Imh0dHBzOi8vZGF2aWRkNDgxLnNnLWhvc3QuY29tL2FwaS5waHAvcmVjb3Jkcy8iLCJpYXQiOjE2ODc3ODQ2NDAsImV4cCI6MTY4Nzc5MTg0MCwiYXpwIjoic21wYzQ5UXV6ZGVKaXY3STd3eGVsTzNvOElvTXVZNm0iLCJzY29wZSI6IiIsInBlcm1pc3Npb25zIjpbXX0.RecjR_Zufd_ay2fwY_mYMlCv8u4zmVz39QfBNME0UixOD_cQoEUMkeEcCTDexhlvbr26JjEOquQoFBNQ1KX1RaiswtKasiw9XVJg_fNhA8otWm9as8tvZv1XCqX_cn8nNjECygwRbEPXxGRy6CUtXHV5N4WC3EnEaPHUXrLy5glYTrqKyNG0JIXMRqbwVkpsfKMGTPZQOvXSWKvJbwMG_eMPMk-GopXSPTVLOytHInyyN_h4K5DVL80mtoayDJ7fevukVgt0sgUx12NfQE4lhxU2aZCLJK4M2GZsiYA7rZQORzsAzXD_0sBBYKCgaNxTnIo0MQUlmtGlGEbkqvusUg [26-Jun-2023 13:04:02 UTC] Retrieved 'time' property as: 1687784642 [26-Jun-2023 13:04:02 UTC] Retrieved 'leeway' property as: 5 [26-Jun-2023 13:04:02 UTC] Retrieved 'ttl' property as: 30 [26-Jun-2023 13:04:02 UTC] Retrieved 'secrets' property as: {"kmjmykJWCSeZQrXyY4z-4":"-----BEGIN CERTIFICATE----\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\n-----END CERTIFICATE-----\n"} [26-Jun-2023 13:04:02 UTC] Retrieved 'requirements' as: {"alg":[],"aud":[],"iss":[]} [26-Jun-2023 13:04:02 UTC] Start of getVerifiedClaims function with token: 
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Imttam15a0pXQ1NlWlFyWHlZNHotNCJ9.eyJpc3MiOiJodHRwczovL2Rldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJnb29nbGUtb2F1dGgyfDExNjM5NjQ5Nzg0ODI3MDYyOTIyNiIsImF1ZCI6Imh0dHBzOi8vZGF2aWRkNDgxLnNnLWhvc3QuY29tL2FwaS5waHAvcmVjb3Jkcy8iLCJpYXQiOjE2ODc3ODQ2NDAsImV4cCI6MTY4Nzc5MTg0MCwiYXpwIjoic21wYzQ5UXV6ZGVKaXY3STd3eGVsTzNvOElvTXVZNm0iLCJzY29wZSI6IiIsInBlcm1pc3Npb25zIjpbXX0.RecjR_Zufd_ay2fwY_mYMlCv8u4zmVz39QfBNME0UixOD_cQoEUMkeEcCTDexhlvbr26JjEOquQoFBNQ1KX1RaiswtKasiw9XVJg_fNhA8otWm9as8tvZv1XCqX_cn8nNjECygwRbEPXxGRy6CUtXHV5N4WC3EnEaPHUXrLy5glYTrqKyNG0JIXMRqbwVkpsfKMGTPZQOvXSWKvJbwMG_eMPMk-GopXSPTVLOytHInyyN_h4K5DVL80mtoayDJ7fevukVgt0sgUx12NfQE4lhxU2aZCLJK4M2GZsiYA7rZQORzsAzXD_0sBBYKCgaNxTnIo0MQUlmtGlGEbkqvusUg [26-Jun-2023 13:04:02 UTC] End of getClaims function, returning verified claims: []

blackmotion55 avatar Jun 26 '23 13:06 blackmotion55

Is this normal that these values are empty? [26-Jun-2023 13:04:02 UTC] Retrieved 'requirements' as: {"alg":[],"aud":[],"iss":[]}

blackmotion55 avatar Jun 26 '23 13:06 blackmotion55

yes that means 'all'

blackmotion55 avatar Jun 26 '23 13:06 blackmotion55

The token seems okay, I'm still getting the code 1012

blackmotion55 avatar Jun 26 '23 13:06 blackmotion55

yes that means 'all'

Correct.

Unfortunately, I can only give you theoretical guidance, because I neither have access to the secret nor have I used Auth0, but we did manually create JWTs with our own identity provider, so I also had to go through this debug mess until I found our issue, but it was solvable at the end and is working like a charm now.

Given your debug log, you see at the last line that the getClaims function returns an empty array, which means "no resolvable claims", which in turn means that the authentication failed. getClaims calls getVerifiedClaims under the hood, so try to add some more debug statements into different spots inside the getVerifiedClaims function to further nail down which of the early return conditions is fulfilled and returns the empty array before the actual 'successful' end of the method is reached.

Once you find out which conditional leads to an early return, you also know what is the reason for your authentication failure.

Dherlou avatar Jun 26 '23 14:06 Dherlou

Thx Dherlou, ok, I got that log error: OpenSSL verify failed, returning empty array

blackmotion55 avatar Jun 26 '23 15:06 blackmotion55

The error seems to be on the algorithm

    switch ($algorithm[0]) {
        case 'H':
            $hash = hash_hmac($hmac, $data, $secret, true);
            error_log("Hash: " . $hash);
            $equals = hash_equals($hash, $signature);
            if (!$equals) {
                error_log("Hash does not equal signature, returning empty array");
                return array();
            }
            break;
        case 'R':
            $equals = openssl_verify($data, $signature, $secret, $hmac) == 1;
            if (!$equals) {
                error_log("OpenSSL verify failed, returning empty array");
                return array();
            }
            break;
    }

blackmotion55 avatar Jun 26 '23 15:06 blackmotion55

more logs

case 'R':
        $verifyResult = openssl_verify($data, $signature, $secret, $hmac);
        
        switch ($verifyResult) {
            case 1: // successful verification
                error_log("OpenSSL verification successful");
                break;
            case 0: // verification failed
                error_log("OpenSSL verification failed");
                break;
            case -1: // error occurred
                $error = openssl_error_string();
                error_log("OpenSSL verification error: $error");
                break;
            default:
                error_log("Unexpected openssl_verify result: $verifyResult");
                break;
        }
        
        $equals = $verifyResult == 1;
        
        if (!$equals) {
            error_log("Verification result is not equal to 1, returning empty array");
            return array();
        }
        
        break;

    [26-Jun-2023 15:36:31 UTC] OpenSSL verification failed
    [26-Jun-2023 15:36:31 UTC] Verification result is not equal to 1, returning empty array
    [26-Jun-2023 15:36:31 UTC] End of getClaims function, returning verified claims: []

blackmotion55 avatar Jun 26 '23 15:06 blackmotion55

I thought I found it: the algorithm in PHP-CRUD-API is RS256 and it was HS256 on Auth0. I changed it but I get the same error, maybe wait a little

I'm gonna try and contact the Auth0 support

blackmotion55 avatar Jun 26 '23 15:06 blackmotion55

I'll take a look at our code at work tomorrow, but if I remember correctly, we are using the HS256 algorithm.

Dherlou avatar Jun 26 '23 17:06 Dherlou

Oh, how could I set it on PHP-CRUD-API?

I tried like that but no success

 ,'jwtAuth.secrets' => 'HS256,TYuNKXMir3SWHMOD7-fZ******DsuJdK-9jP6y3NwiB62_tJAlTuRTre'

blackmotion55 avatar Jun 26 '23 18:06 blackmotion55

You cannot change the algorithm on the receiver (PHP-Crud-API). Here it looks like you can set the algorithm in the Auth0 settings (sender). PHP-Crud-API simply checks the algorithm defined in the header part of the JWT and uses this algorithm for verification.

I would head over to https://jwt.io/ and do a dry-run outside of PHP-Crud-API. Paste your sample data there and check whether you can successfully verify a JWT there. If you get it working, use this information to correct your settings/secrets in PHP-Crud-API. This website does the verification on the client-side, but if you want to be extra safe, use another auth0 application/secrets. Also, pay attention to the selection of the algorithm in both auth0 and the website to match.

Dherlou avatar Jun 27 '23 05:06 Dherlou
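
A local dry-run in PHP of the checks this thread walks through, as an added example that is not part of the thread or of php-crud-api: it reads `alg` and `kid` from the token header, looks the `kid` up in a kid-to-secret map, and verifies the signature with the matching primitive. `preflight()`, its messages, and the key pair and token are constructed for the example.

```php
<?php
// Added example, not php-crud-api code. preflight() and its messages are hypothetical.
function b64url(string $s): string {
    return (string) base64_decode(strtr($s, '-_', '+/'));
}
// $secrets is a kid => secret map, the shape the 'secrets' debug line above shows.
function preflight(string $jwt, array $secrets): string {
    $p = explode('.', $jwt);
    if (count($p) !== 3) return 'not a three-part JWT';
    $header = json_decode(b64url($p[0]), true);
    if (!is_array($header)) return 'header is not JSON';
    $alg = $header['alg'] ?? '';
    $kid = $header['kid'] ?? '';
    if (!isset($secrets[$kid])) return "no secret configured for kid '$kid'";
    $secret = $secrets[$kid];
    $signed = $p[0] . '.' . $p[1];
    if ($alg === 'HS256') {
        // A PEM block used as an HMAC key means the two sides disagree on the algorithm.
        if (strpos($secret, '-----BEGIN') !== false) return 'HS256 token, PEM secret';
        $mac = hash_hmac('sha256', $signed, $secret, true);
        return hash_equals($mac, b64url($p[2])) ? 'ok' : 'HMAC mismatch';
    }
    if ($alg === 'RS256') {
        // Fails on a shared secret and on PEM text with damaged BEGIN/END boundaries.
        $key = openssl_pkey_get_public($secret);
        if ($key === false) return 'secret is not a readable PEM key or certificate';
        $ok = openssl_verify($signed, b64url($p[2]), $key, OPENSSL_ALGO_SHA256);
        return $ok === 1 ? 'ok' : 'RSA signature mismatch';
    }
    return "alg '$alg' not covered by this example";
}

// Constructed sample: a throwaway key pair and token generated locally.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($pair)['key'];
$enc = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$jwt = $enc('{"alg":"RS256","typ":"JWT","kid":"demo-kid"}') . '.' . $enc('{"sub":"constructed"}');
openssl_sign($jwt, $sig, $pair, OPENSSL_ALGO_SHA256);
$jwt .= '.' . $enc($sig);
$cases = [
    'good key'       => ['demo-kid' => $pub],
    'damaged armor'  => ['demo-kid' => str_replace('KEY-----', 'KEY----', $pub)],
    'kid not in map' => ['other-kid' => $pub],
    'shared secret'  => ['demo-kid' => 'constructed-shared-secret'],
];
foreach ($cases as $name => $secrets) {
    echo str_pad($name, 16), preflight($jwt, $secrets), PHP_EOL;
}
```

The "damaged armor" case is worth comparing against the config quoted at the top of the issue, whose certificate opens with `-----BEGIN CERTIFICATE----`: four trailing hyphens where PEM boundaries use five.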

The code works perfectly and many, many thanks for that,

but I am not able to add the authentication. Does adding

    'middlewares' => 'cors,xsrf,sanitation,authorization,jwtAuth', 'cors.allowedOrigins' => '*', 'cors.allowHeaders' => 'X-Authorization',

add the authentication?

I am new to PHP. I tried looking for videos and tutorials but couldn't find any.

zraanand avatar Aug 06 '23 04:08 zraanand

What is the result of "I am not able to add [it]"? Any error messages?

Dherlou avatar Aug 07 '23 06:08 Dherlou

Closing due to lack of activity.

mevdschee avatar Mar 19 '24 09:03 mevdschee