Read JWT payload after validation (Tuupola)

I’m using Slim 4 and I have successfully implemented the JWT authentication. It works like a breeze.
I’d need to be able to read a value in the payload after the token is validated.
Is there any recommended way to do so?

Here is the middleware:

$app->add(new \Tuupola\Middleware\JwtAuthentication([

    "algorithm" => ["HS512"],
    "logger" => $logger,
    "secret" => getenv('JWT_SECRET'),
    "rules" => [
        new Tuupola\Middleware\JwtAuthentication\RequestPathRule([
            "path" => "/v2"

The payload looks like this:

  "jti": "1PD0vKUwqlBocToxmZgeJA",
  "iat": 1580575309,
  "exp": 1580577109,
  "stk": "KsdL5WxiGkYIkFeduiQkMR8nTwOZ56ik"

I would need to be able to read the value of “stk” every time a token is received and use it pretty much anywhere in my code (every action).

Thanks a lot in advance for your help.

Though this isn’t technically a question for Slim Framework, the following link should give you some hints:

Specifically, the decoded token is stored as an attribute, which you can retrieve like so:

$tok = $request->getAttribute('token');
$mySTKValue = $tok['stk'];
1 Like

Thanks for your answer.
I understand it is not technically a Slim Framework question but… If everybody who’s using Slim Framework goes to Laravel’s website to find their answer, they will end up using Laravel intead of the really cool Slim Framework (even tho my question is not about Laravel either). As a user I have asked the question here with the idea of a community. I also understand that my question is a n00b’s question but I am not very good at PHP to be honest and, as stated on many blogs, Slim’s documentation is often written by and oriented towards advanced PHP developers which makes it difficult to be adopted by less advanced developers (read “a guy like me”).
I have fortunately found here the help I needed almost every time I asked for it and, as a DBA with 25 years of experience, I am always happy to help developers when it comes to the DB. So I appreciate your help and I thank you again for your answers.


In our application we have firebase/php-jwt:
composer require firebase/php-jwt

And in our BaseController (All others controllers inherits it’s functions):
use Firebase\JWT\JWT;

function getJWTToken($request)
$token = str_replace("Bearer ", “”, (string) $request->getHeaderLine(‘Authorization’));
if (!$token) return false;
$key = $this->container->get(“settings”)[“jwt”][“secretKey”];
return JWT::decode($token, $key, array(‘HS256’));

And in others containers we use:
$data_token = $this->getJWTToken($request);
if($data_token->platform == 'app')...