JWT decode() 必须是数组错误类型

Question

这里我有一些用于登录的纤细 PHP 代码和一个检查它是否解码存储在标头中的 JWT 的函数。

$app->post('/login', function ($request, $response) {

$input = $request->getParsedBody();
$settings = $this->get('settings'); // get settings array.
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();

// verify user id 
if(!$user) {
    return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'],$user->password)) {
    return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);  
}

$payload = array(
    "iat" => time(),
    "exp" => time() + 36000,
    // "id" => $input['id']
    "context" => [
        "user" => [
            "id" => $input['id']
        ]
    ]
);

try {
    $token = JWT::encode($payload, $settings['jwt']['secret'],"HS256"); // $token store the token of the user
} catch (Exception $e) {
    echo json_encode($e);
}


return $this->response->withJson($payload,200)
                      ->withHeader('Content-type', 'application/json;charset=utf-8', 200)
                      ->withAddedHeader('Authorization', $token);
});


$app->get('/get', function ($request, $response) {

$jwt = $request->getHeader("Authorization"); 
$settings = $this->get('settings'); 

$token = JWT::decode($jwt, $settings['jwt']['secret'], "HS256"); // $token store the token of the user

if ($token) {
    return $this->response->withJson($token, 200)
    ->withHeader('Content-type', 'application/json;charset=utf-8', 200);
}

return $this->response->withJson($token,401)
                      ->withHeader('Content-type', 'application/json;charset=utf-8', 401);

});

但是当我尝试运行http://localhost:8080/get 时，它会返回一个错误

传递给 Firebase\JWT\JWT::decode() 的参数 3 必须是数组类型。

为什么会发生，我该如何解决？

Answer 1

如果我在同一个函数中解码，它会返回解码后的 JWT，但如果我在其他函数中解码，则会返回错误。如何将 jwt 传递给其他函数？

$app->post('/login', function ($request, $response) {

$key = "supersecretkeyyoushouldnotcommittogithub";

$input = $request->getParsedBody();
$settings = $this->get('settings'); // get settings array.
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();

// verify user id 
if(!$user) {
    return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'],$user->password)) {
    return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);  
}

$payload = array(
    "iat" => time(),
    "exp" => time() + 36000,
    // "id" => $input['id']
    "context" => [
        "user" => [
            "id" => $input['id']
        ]
    ]
);

try {
    $token = JWT::encode($payload, $key); // $token store the token of the user
} catch (Exception $e) {
    echo json_encode($e);
}

// return $this->response->withJson($payload,200)
//                       ->withHeader('Content-type', 'application/json;charset=utf-8', 200)
//                       ->withHeader('Authorization', $token);

$decoded = JWT::decode($token, $key, array('HS256'));

print_r($decoded);


});

Answer 2

尝试按照错误的说明进行操作：

$token = JWT::decode($jwt, $settings['jwt']['secret'], ["HS256"]);

您可以查看使用here的示例