
Generated token with custom claims & secret isn't encoded with the custom secret.

Open nargalzius opened this issue 1 year ago • 0 comments

Subject of the issue

Generated token with custom claims & secret (via JWTAuth::getJWTProvider()->setSecret()) isn't encoded with the custom secret.

I have a method that will allow generation of custom JWTs for different sites (with different JWT secrets).

Here's the method. It's pretty simple, and it used to work fine before I upgraded to Laravel 9.

```php
protected function createUserToken($user, $claims = null, $secret = null) {

    // GENERATE KEY WITH DIFFERENT JWT_SECRET
    if($secret) {
        JWTAuth::getJWTProvider()->setSecret($secret);
    }

    if($claims) {
        $factory = JWTFactory::customClaims($claims);

        $payload = $factory->make();

        return JWTAuth::encode($payload);
    }

    return JWTAuth::fromUser($user);
}
```

Your environment

| Q | A |
| --- | --- |
| Bug? | yes |
| New Feature? | no |
| Framework | Laravel |
| Framework version | 9 |
| Package version | 2 |
| PHP version | 8.2 |

Steps to reproduce

  1. Generate any token with a custom secret key (take note of the secret you've used)
  2. Validate said token on jwt.io against the custom secret (will fail)
  3. Validate said token again, but this time use the key on the site's .env (will succeed)

Expected behaviour

The token generated should be able to validate on jwt.io against the (custom) secret you provided.

Actual behaviour

The tokens being generated are still encoded with the site .env secret instead of the provided one.

nargalzius, Nov 03 '23 20:11
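
Steps 2 and 3 of the reproduction can be checked locally, without pasting a token and a signing secret into a third-party site. The following is an added example, not part of the original issue or of the jwt-auth package; it assumes HS256 tokens, and the function names, labels and sample secrets are constructed for illustration.

```php
<?php
// Added example: report which candidate secret produced an HS256 JWT signature.

/** Decode unpadded base64url (RFC 7515); returns null on invalid input. */
function b64url_decode(string $in): ?string
{
    $b64 = strtr($in, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $out = base64_decode($b64, true);
    return $out === false ? null : $out;
}

function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

/** Return the label of the secret whose HMAC-SHA256 matches the token, or null. */
function which_secret_signed(string $jwt, array $candidates): ?string
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null; // not a compact JWS
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h) ?? '', true);
    $sig = b64url_decode($s);
    // Only HS256 is handled; refuse anything else rather than guessing.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256' || $sig === null) {
        return null;
    }
    foreach ($candidates as $label => $secret) {
        $expected = hash_hmac('sha256', "$h.$p", $secret, true);
        if (hash_equals($expected, $sig)) { // constant-time comparison
            return (string) $label;
        }
    }
    return null;
}

// Constructed sample: a token signed with the "env" secret, as in the reported behaviour.
$envSecret    = 'constructed-env-secret';
$customSecret = 'constructed-custom-secret';
$h = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
$p = b64url_encode(json_encode(['sub' => 1, 'site' => 'example']));
$token = "$h.$p." . b64url_encode(hash_hmac('sha256', "$h.$p", $envSecret, true));

var_dump(which_secret_signed($token, ['custom' => $customSecret, 'env' => $envSecret]));
```

Passing the output of `createUserToken()` together with both the custom secret and the `.env` secret shows which key was actually used for signing.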