How to implement JWT in PHP | JWT in PHP

Captions
Hey guys, welcome back. So in this video we are going to see how to use JWT in PHP. Okay, so let's get started.

So here I have a file called index.php and I have a sample data over here, and I'm echoing that data over here, so when you try to access this page you can easily get this data. So let me just open Postman and say new HTTP request, you can use the external Postman as well: PHP JWT demo slash index.php. Now when I say send, okay, this is array to string conversion, you'll just change that to print R. Okay, save, and now we'll send the request again, and here you can see you've got the data.

So now when you want to secure this, there are different ways to secure your data. One popular way is JWT, so let's start implementing the JWT in our PHP. So to use JWT we need to install a package, so we'll open the terminal and say composer require PHP hyphen JWT and hit enter, and it will download the package.

Okay, so the package is downloaded, and now first we need to generate the JWT. So for that I will just create a separate file, let's say get JWT PHP. Okay, so we'll just keep it simple. So first we need to require the autoload.php which is inside the vendor folder, so I'll say require once and vendor slash autoload.php. Okay, and now we're going to say use Firebase backslash JWT / JWT.

Okay, and now we have to create a secret key. Let me say secret underscore key equals. So a secret key is a random string which is supposed to be kept with you and the receiver, and it should not be shared publicly. So you can type it out manually like anything, or you can generate using some online tools. So I'll just keep something random over here, and this has to be used where you are creating the JWT and where you are going to decode the JWT. So it is a good practice to keep it in a separate file, maybe in your environment files, which is more secure. For now we'll just keep it in another PHP file called config.php and say return, and here I'll say JWT secret, and I will store the secret over here, paste it, and yes. And now you can just import that: require once config dot PHP, and this one we can assign it to a variable called config equals. Okay, so once you have got this you can fetch the secret key from this variable. Okay, so let me just put it over here, config of, can just copy this from here. So now we have the secret key.

So the next step is to create the payload. So just create a variable called payload, which is an array, and here we will be assigning the data what we want to send in the JWT token. So there are common attributes which will be in a JWT, which is issuer and the expiry and issued at, the timestamp, so we can add those things over here to validate the JWT later on. So issuer, you can give your domain name or anything you want, so I'll just give it here Sharma coder. Issued at, that is IAT, and just give the time function. Okay, and expires at, we give exp and say string to time, and let me just keep this for 1 hour, plus 1 hour. Okay, so this will give current time plus 1 hour. And I will just give an email also over here, email, and I will put Sharma at gmail.com. Okay, and yeah, so our payload is ready.

Now we have to encode the payload in the JWT, so I'll just say dollar JWT equals JWT colon colon encode, and here first you have to pass the payload, so say dollar payload, comma, the secret key, so you have the secret key over here, and the third parameter has to be the algorithm which you want to use. So for this we will use HS256 algorithm. So there are different algorithms you can use. If you use the RS256, that will require a public and private key pair, so if you want a tutorial with the RS256 algorithm which uses a public private key pair, then you can mention that in the comments below, I will create another tutorial for that.

So here we have created the JWT and now we'll just echo this. Okay, echo JWT colon and concatenate it with this dollar JWT. Okay, so now this should give us our JWT. Let us now go to our Postman and call this file, index.php I will replace that with get JWT PHP. So we'll hit the send button and now you can see you got your JWT. So this token you can verify this by going to the jwt.io, and here when you just scroll down you can see this section, you can paste this, and here it is, you see the issuer Sharma coder, email, and this is the time which we have issued, and this will be expiring. Okay, and the algorithm is detected over here, it is HS256. So here you can see invalid signature, so you can verify this JWT token using the secret key which we have stored in our config.php file.

So now in our index.php file where we have our actual data, we have to check if the user has requested this file with the JWT token, only then we are going to allow access to those users. Okay, so similarly we'll have to use that JWT over here also, so we'll quickly just copy that from here, you can copy these things, copy and paste. Okay, so you got the secret key and JWT package, will also be using the key class over here, say key.

Okay, so when the user is requesting for this file, the authorization header will be set on the HTTP request, so first we need to fetch the headers over here. So we'll say dollar headers equals Apache request headers. Okay, so this will give us the headers, and now we will check if the authorization header is present: isset of dollar headers of authorization. Okay, so when you are requesting for this file we will just copy this JWT and it over here, you have headers, you can directly add authorization header over here and send as the Bearer token, or you can use this authorization tab, select Bearer token and paste the token over here. Okay, the header is already set when you do this, and to check this we have to check if the authorization header is set, and if it is set we have to fetch the value from there. Okay, so I will say dollar authorization header equals dollar headers of, can just copy it from here, authorization. Okay, so you got the headers, and let me just show you, print R. Okay, so I will call this file index.php, so you can see you are getting that token along with the Bearer prefix over here.

So we need only this part, right, so we have to fetch this from the header. So here this is having Bearer, space, the token, so we are going to use the explode function over here: header value is equals explode function, give space over here, and pass the dollar authorization header. Okay, so what this explode function will do is it will create an array from this string based on this space. Okay, so wherever it finds a space it will just create a new values in the array. So now we know that we have this Bearer and then the token, so this will be in the first index, that is zero, and this will be in the index number one. Okay, so you can verify that over here by saying echo dollar header value of one. Okay, send, we haven't removed this also the this. Okay, so just save and hit on send button, and you can see you got the JWT alone.

Okay, so we'll just create a dollar JWT equals, and we have the JWT here, and now we are going to use this JWT colon colon decode method, and this will accept two parameters: one is the JWT token and the other is instance of key class, which will have the secret key and the algorithm used for decryption. Okay, so we can store this in a variable called dollar decoded, and now let me just print R dollar decoded. Save that, and when you call this file now you can see you have got the JWT data.

And now when you just, if this token is expired, or I will just make a small mistake here, and now when I send this it is going to give an error. Okay, so we can just handle this error using a try catch over here. After fetching the header value we can surround this in a try catch block. Okay, say catch exception, inside the catch block we are going to echo error and concatenate the error message. Okay, error dot get message. Okay, and here you can see we have check if the authorization header is present, and we can add an else part to this and echo no authorization header is present. Okay, so now you can save, and you can see the catch block has got the exception and it has printed the message over here. So imagine if we had not set this token and we try to access: no authorization header is present.

So let me just make some small changes over here. You see this expiry, right, we'll just make a small change over here and I will say expire at the same time. Okay, so let us test one scenario in this way: say get JWT PHP, click on send, you got the JWT, copy that and try to access the index.php with the Bearer token, click send. Okay, we made some mistake over here. Okay, VP send, you can see you got the error message called expired token.

That's it. In this video, guys, we have seen how to use JWT in our PHP and authenticate our APIs in PHP using JWT. So thank you for watching this video, guys, please like the video and subscribe to this channel, and do comment if you want a video on how to use RS256 algorithm using the public and private key pair. So thank you once again, and please subscribe to the channel.
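
Added example, not from the video or its author: one way to write the token issuing and the index.php check described in the captions with firebase/php-jwt (installed with `composer require firebase/php-jwt`), while also matching the Bearer header strictly, checking the issuer claim, and logging decode errors instead of echoing them. The function names, the `issuer` config key and the sample claim values are assumptions made for this example.

```php
<?php
// Added example, not the video's code. Assumes: composer require firebase/php-jwt
require_once __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Constructed demo config (32 random bytes); the video keeps the secret in config.php.
$config = ['jwt_secret' => bin2hex(random_bytes(32)), 'issuer' => 'sharmacoder'];

function issueToken(array $config, int $ttl = 3600): string
{
    $now = time();
    $payload = ['iss' => $config['issuer'], 'iat' => $now, 'exp' => $now + $ttl,
                'email' => 'user@example.com']; // constructed sample claim
    return JWT::encode($payload, $config['jwt_secret'], 'HS256');
}

// Return the token only when the header is exactly "Bearer <three dot-separated parts>".
function bearerToken(array $headers): ?string
{
    foreach ($headers as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0
            && preg_match('/^Bearer ([\w-]+\.[\w-]+\.[\w-]+)\z/', (string) $value, $m)) {
            return $m[1];
        }
    }
    return null;
}

// Returns the decoded claims, or null when the request must be rejected.
function verifyRequest(array $headers, array $config): ?stdClass
{
    $jwt = bearerToken($headers);
    if ($jwt === null) {
        return null;
    }
    try {
        // Key pins the algorithm: a token whose "alg" header differs is rejected.
        $claims = JWT::decode($jwt, new Key($config['jwt_secret'], 'HS256'));
    } catch (Throwable $e) {
        error_log('JWT rejected: ' . $e->getMessage()); // log it, do not echo it
        return null;
    }
    // decode() checks signature and exp; the issuer is not checked, so do it here.
    return (($claims->iss ?? null) === $config['issuer']) ? $claims : null;
}

// Constructed requests: valid token, expired token, missing header.
var_dump(verifyRequest(['Authorization' => 'Bearer ' . issueToken($config)], $config) !== null);
var_dump(verifyRequest(['authorization' => 'Bearer ' . issueToken($config, -60)], $config) !== null);
var_dump(verifyRequest([], $config) !== null);
```

In index.php the first argument would be the result of `apache_request_headers()`, and a null result would be answered with HTTP 401 before any data is printed.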
Info
Channel: Sharma Coder
Views: 1,452
Keywords: sharma coder, php jwt implementation, jwt in php, firebase jwt php, how to implement jwt in php code, add jwt in php, authenticate user in php, authenticate using jwt in php, how to use jwt in php, how to get secret key for jwt, php for beginners, php tutorials, learn php easily, beginners jwt, learn jwt for beginners
Id: Qw3XRpzVsUw
Length: 14min 44sec (884 seconds)
Published: Sat Jan 13 2024