JWT Authentication


#1

Hello, I can’t seem to get the JWT authentication to work.

My middleware.php contains this entry. I am trying to use a custom header: “stoken”

$app->add(new \Tuupola\Middleware\JwtAuthentication([
    "path" => "/api", /* or ["/api", "/admin"] */
    "secret" => "secretkey",
    "header" => "stoken",
    "algorithm" => ["HS256"],
    "callback" => function ($request, $response, $arguments) use ($container) {
        $container["jwt"] = $arguments["decoded"];
    },
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
    }
]));

In settings.php - I added this entry at the bottom:

// jwt settings
"jwt" => [
    'secret' => 'secretkey'
]

And in the routes.php, for successful login I added:

$settings = $this->get('settings');
$token = JWT::encode(['id' => $usr->user_id, 'email' => $usr->email_address], $settings['jwt']['secret'], "HS256");
return $this->response->withJson(['token' => $token]);

So the login returns a 200 response, and dumps the token:

200
{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEwMDAxMyIsImVtYWlsIjoiam9lMTFAeWFob28uY29tIn0.6I9GMf2tX9YzMiaAIXptcDqUfYssqqB5ZMb7w9AWEhw"}
Login Success

So that’s good. Then in the next call (a Java program) I am attempting to set the token (hard coding it for now):

conn.setRequestProperty("stoken", "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEwMDAxMyIsImVtYWlsIjoiam9lMTFAeWFob28uY29tIn0.6I9GMf2tX9YzMiaAIXptcDqUfYssqqB5ZMb7w9AWEhw");

But I get a 500 error.

In this slim php there is no Error log information.

As per the documentation I have an entry for displayErrorDetails:

$configuration = [
    'settings' => [
        'displayErrorDetails' => true,
        //
        // OTHER STUFF HERE
    ],
];

I don’t see any ERROR in app.log or know why it is failing. Any ideas?

John.


#2

Might you have forgotten the regexp, since you have customized the token header to “stoken”?
If I remember correctly, you have to attach a logger to get a little more log output.
These are just some leads, but they may be able to help you.


#3

Which regex do you refer to?


#4

In the README (https://github.com/tuupola/slim-jwt-auth)

Regexp
By default the middleware assumes the value of the header is in Bearer <token> format. You can change this behaviour with regexp parameter. For example if you have custom header such as X-Token: <token> you should pass both header and regexp parameters.

$app = new Slim\App;

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "header" => "X-Token",
    "regexp" => "/(.*)/",
    "secret" => "supersecretkeyyoushouldnotcommittogithub"
]));
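
How the header and regexp options in the README excerpt interact, as an added example that is not part of the thread and not slim-jwt-auth's own code. The default pattern, the helper names and the sample token and secret are assumptions constructed for the illustration; the HS256 check uses only PHP built-ins.

```php
<?php
// Added illustration; not the middleware's source. The default pattern is an
// assumption modelling the README's "Bearer <token>" format.
const DEFAULT_REGEXP = '/Bearer\s+(.*)$/i';

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad);
}

// Pull the token out of a header value; null when the pattern does not match.
function extract_token(string $headerValue, string $regexp): ?string {
    return preg_match($regexp, $headerValue, $m) === 1 ? $m[1] : null;
}

// Verify an HS256 token; returns the claims array, or null on any failure.
function verify_hs256(string $token, string $secret): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) { return null; }
    [$h, $p, $sig] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Allow-list the algorithm rather than trusting whatever the token claims.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') { return null; }
    // hash_equals() compares the two MACs in constant time.
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) { return null; }
    $claims = json_decode(b64url_decode($p), true);
    return is_array($claims) ? $claims : null;
}

// Constructed sample token, signed with a constructed secret.
$secret = 'constructed-demo-secret';
$h = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
$p = b64url_encode(json_encode(['id' => 1, 'email' => 'user@example.test']));
$token = "$h.$p." . b64url_encode(hash_hmac('sha256', "$h.$p", $secret, true));

// A bare token in a custom header is only found by the catch-all pattern.
var_dump([
    'bare token, Bearer pattern' => extract_token($token, DEFAULT_REGEXP),
    'bare token, /(.*)/ pattern' => extract_token($token, '/(.*)/') === $token,
    'Bearer prefix, Bearer pattern' => extract_token("Bearer $token", DEFAULT_REGEXP) === $token,
    'verifies with right secret' => verify_hs256($token, $secret) !== null,
    'verifies with wrong secret' => verify_hs256($token, 'wrong-secret') !== null,
]);
```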

#5

Ok I have added regexp as above. However still getting the 500 error.

I can’t see any ERROR in the app.log. Tried creating a logger but no file is being created. Any tips on how I can get the details of the 500 error?

Thanks.


#6

You can set a PHP parameter at the beginning of your index.php:
ini_set("display_errors", 1);


#7

I’ve just tested your configuration, and it works perfectly.

You can get the code in this repo: https://github.com/elaugier/testSTOKEN

I use these requests to test (the first to get the token, the second to check the 401, the third to check that it works):

GET http://localhost:8080/token

GET http://localhost:8080/api

GET http://localhost:8080/api
Accept: application/json
Stoken: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE1MjkwMTEzNTcsImp0aSI6IjEwMDJkZjJjLTcwMTktMTFlOC04MjBhLTgwZmE1YjUzMzcxMyIsImlzcyI6e30sIm5iZiI6MTUyOTAxMTM1NywiZXhwIjoxNTI5MDE0OTU3LCJkdGEiOnsiaWQiOjEsImVtYWlsIjoiam9obmRvZUBkb21haW4uY29tIn19.MVBT3ArKdCZfENj3G6zsKxKTu1jNR9KIMe5Oe23t5Aunp7GTJlJMmHfJjRPmV3d0Hyu5JHXCp_dYV8xa8-ndEA


#8

I have been at this for hours and it is not logging a thing for 500 errors. I am using WAMP server on Windows. The log directory is C:\WAMP64\logs.
Nothing is getting logged into php_error.log.

I am using the default php.ini file. All the error logging and reporting is set ON. In my index.php file I have at the top:

error_reporting(E_ALL);
ini_set('display_errors', 1);

I restart the server and hit a secure URL. I get 500, null. And nothing to see in the Error log.

I have also tried setting up a logger for JWT - pointing it to: …/logs/jwt.log.

Again nothing is getting logged.


#9

I can’t help on this point… I’m using the PHP built-in server when I develop an application (to avoid having to troubleshoot the web server instead of solving issues in my code).
Have you tested your code with the PHP built-in server?


#10

You’re hitting a secure URL with WAMP? I’ve never used TLS with WAMP; I’ve just used unsecured HTTP URLs in dev.