jwt-auth

Setting algorithm at runtime does not update header "alg"

Open palfaro91 opened this issue 2 years ago • 0 comments

I'm trying to create a custom token using Tymon-JWT with a different algorithm than the one defined in the config file (jwt.php).

public function generateCustomToken($data) {
    $requiredClaims = [...]; // standard claims in a JWT token (elided in the post)
    // set the algorithm
    JWTAuth::getJWTProvider()->setAlgo('RS256');
    // custom signer as well
    JWTAuth::getJWTProvider()->setSecret($data["signer"]);

    // if I log it here the correct algorithm is displayed
    Log::info(JWTAuth::getJWTProvider()->getAlgo()); // logs 'RS256'

    // wrap the claims and build the payload that gets encoded
    $claims = new Collection($requiredClaims);
    $payload = new Payload($claims, new PayloadValidator());
    $tkn = JWTAuth::encode($payload);
    return $tkn->get();
}

So I change the algorithm and log it, and it shows my value, but when I decode the token the header "alg" displays the algorithm set in the config file.

Does this mean that it is not using RS256 to encode the token? How do I go about changing that algo value?

Your environment

| Q | A |
| --- | --- |
| Bug? | yes |
| New Feature? | no |
| Framework | Laravel |
| Framework version | 5.8 |
| Package version | 1.0.2 |
| PHP version | 7.3.3 |

Steps to reproduce

Use the code above

Expected behaviour

Setting JWTAuth::getJWTProvider()->setAlgo('RS256'); should also change the header "alg" to reflect the algorithm used.

Actual behaviour

The algorithm set in the config file is displayed as the value rather than the custom one I set at runtime.

palfaro91 Oct 21 '22 23:10
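Whether a token was really signed with RS256 or still with the configured algorithm can be checked from the token itself, by comparing the "alg" the header claims with the key material that actually verifies the signature. This is an added example, not part of the original issue and not jwt-auth code: `inspect_token` and the helper names are hypothetical, the secret and sample token are constructed, and it assumes the configured algorithm is HS256.

```php
<?php
// Added example: plain PHP, no jwt-auth calls. All names here are hypothetical.

function b64url_decode(string $s): string
{
    $s = strtr($s, '-_', '+/');
    $out = base64_decode($s . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
    return $out === false ? '' : $out;
}

function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns the alg the header claims and the algorithm whose key verifies the signature.
function inspect_token(string $jwt, string $hmacSecret, ?string $rsaPublicPem = null): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWS (expected 3 segments)');
    }
    [$h, $p, $sig] = $parts;
    $header = json_decode(b64url_decode($h), true);
    if (!is_array($header)) {
        throw new InvalidArgumentException('header is not valid JSON');
    }
    $signed = "$h.$p";              // the signing input is header.payload
    $rawSig = b64url_decode($sig);

    // Constant-time compare against an HMAC-SHA256 of the signing input.
    $hs256 = hash_equals(hash_hmac('sha256', $signed, $hmacSecret, true), $rawSig);
    // RSASSA-PKCS1-v1_5 with SHA-256, only if a public key was supplied.
    $rs256 = $rsaPublicPem !== null
        && openssl_verify($signed, $rawSig, $rsaPublicPem, OPENSSL_ALGO_SHA256) === 1;

    return [
        'header_alg'  => $header['alg'] ?? null,
        'verifies_as' => $hs256 ? 'HS256' : ($rs256 ? 'RS256' : null),
    ];
}

// Constructed sample: a token signed with HS256 using a made-up secret.
$secret = 'constructed-demo-secret';
$h = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
$p = b64url_encode(json_encode(['sub' => '1']));
$jwt = "$h.$p." . b64url_encode(hash_hmac('sha256', "$h.$p", $secret, true));

$r = inspect_token($jwt, $secret);
echo "header alg: {$r['header_alg']}, verifies as: " . ($r['verifies_as'] ?? 'unknown') . PHP_EOL;
```

If `header_alg` and `verifies_as` disagree, or neither key verifies, the token should not be trusted; a verifier should pin the algorithm it expects rather than read it from the header.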