Use JWT with public-key cryptography

The JWT token is useful for systems that require lightweight authentication methods.

I used this for login on web site.

Web is public data storage differ from native application so anyone can see the data if they want.

That means, anyone can get there tokens and modified if they want.

To prevent this, use the JWT token.

If you want to know aboud JWT token detail, see https://en.wikipedia.org/wiki/JSON_Web_Token

Basically JWT token use single key that is made by symmetric-key algorithm.

This is vulnerable to security.

So I thought about how to encrypt the key using public key authentication method, and found the corresponding module.

composer module : firebase/php-jwt

link : https://packagist.org/packages/firebase/php-jwt

use Firebase\JWT\JWT;

$jwtData = array(

"iss" => "example.com",

"aud" => "example.com",

"exp" => time() + 3600,

"created_at" => time(),

'user_id' => $user_id,

"client_ip" => $ip_address,

"user_agent" => $agent,

);

$token = JWT::encode($jwtData, $PrivateKey, 'RS256');

$data = JWT::decode($token, $PublicKey, ['RS256']);

It's super easy !

Want to make keys, See 

http://chicrock.tistory.com/136

To create the right public key

http://chicrock.tistory.com/186