Please create a simple example app which will show us how to use the package with a front-end framework #12

Open
manyopensource opened this issue May 24, 2019 · 8 comments
@manyopensource

No description provided.

@byjg byjg self-assigned this May 25, 2019
@byjg
Owner

byjg commented May 25, 2019

This package is intended to be used as a PHP Session, i.e. running only server side.

If you want to use JWT with an HTML client, I suggest you use another package I have: JWT Wrapper

You can see a very rustic example here using jQuery.

@manyopensource
Author

Thank you for the example! Almost everything is clear except one point: will I know that the token is from the user who is also stored in the PHP session?

@byjg
Owner

byjg commented May 25, 2019

In this example you won't rely on PHP Session, because this is sessionless. If you still need to store something sensitive in the session, I recommend you create a Memcached or Redis server and store this data there, and store only the key for this resource in your JWT token.

It is also important to note:

In both cases you cannot store sensitive data, due to the nature of a JWT token.

@manyopensource
Author

I have a PHP application which uses the session. But on some pages I want to use a front-end framework (or simply Ajax), and I need to trust the requests from it. So my question is: how do I do that? Or is the answer simply to use the jwt-wrapper with data from the session? Thanks for answering!

@byjg
Owner

byjg commented May 26, 2019

Now I understand. OK, in that case, for your HTML front-end application to communicate with the PHP Session previously created, you should mimic in your HTML page how PHP handles the session. Basically, you send an HTTP cookie named PHPSESSID with the value of the token. It is a workaround, a kind of hack. Read more about PHPSESSID here

I would try to use the same approach for all cases. For example, if your HTML page could be renamed to .php, you'll benefit from PHP Session. However, if you cannot rename it, I would try to use the calls as an API and use the JWT Wrapper instead.

@byjg byjg added the q&a label Oct 1, 2019
@sawirricardo

Hi @byjg, I really like this. Am I able to use JWT Session side by side with JWT wrapper? Say, I build a PHP application for the web, but also open up some API for mobile later on, is that possible?

Thank you!

@byjg
Owner

byjg commented Jan 26, 2021

It is possible to use the token created by JwtSession in your PHP application since you share the same secret key between your two applications:

In the JwtSession you can create:

// Session side: the secret configured here signs the session token.
$sessionConfig = (new \ByJG\Session\SessionConfig('example.com'))
    ->withSecret('your super base64url encoded secret key');

And in your API application you can use the same key:

$server = "example.com";
$secret = new \ByJG\Util\JwtKeySecret('your super base64url encoded secret key');

$jwtWrapper = new \ByJG\Util\JwtWrapper($server, $secret);
# $token = extract the JWT token. If the server name is the same for both and you are
#          passing the token through the HTTP_AUTHENTICATION header, you don't need this step.
$data = $jwtWrapper->extractData($token);

Remember: both host and secret should be the same.

I recommend you to use:

@sawirricardo

Thank you @byjg really appreciate it
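
The two points byjg makes above (a JWT payload is readable by anyone who holds the token, and a token only verifies when both applications use the same host and secret) shown as an added example in plain PHP. It is not code from this thread or from the ByJG packages; the helper names, the `sid` claim, and the use of `iss` for the host check are assumptions made for illustration, and the secret and claims are constructed sample values.

```php
<?php
// Added illustration: built-in PHP functions only, no ByJG classes.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true) ?: '';
}

// Sign claims with HMAC-SHA256 (HS256) under a shared secret.
function jwt_sign(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    $sig  = hash_hmac('sha256', "$head.$body", $secret, true);
    return "$head.$body." . b64url_encode($sig);
}

// Return the claims only if algorithm, signature, issuer and expiry all check out.
function jwt_verify(string $token, string $secret, string $issuer): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm; never let the token choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? '') !== 'HS256') return null;
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    // Constant-time comparison of the recomputed and presented signatures.
    if (!hash_equals($expected, b64url_decode($sig))) return null;
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || ($claims['iss'] ?? null) !== $issuer) return null;
    if (($claims['exp'] ?? 0) < time()) return null;
    return $claims;
}

$secret = random_bytes(32);          // constructed sample secret
$sid    = bin2hex(random_bytes(16)); // opaque key; the sensitive record stays in Redis/Memcached
$token  = jwt_sign(['iss' => 'example.com', 'exp' => time() + 300, 'sid' => $sid], $secret);

// No secret is needed to read the payload: it is encoded, not encrypted.
echo b64url_decode(explode('.', $token)[1]), PHP_EOL;

// Same host and secret: the claims come back. Different secret or host: null.
var_dump(jwt_verify($token, $secret, 'example.com'));
var_dump(jwt_verify($token, random_bytes(32), 'example.com'));
var_dump(jwt_verify($token, $secret, 'api.example.org'));
```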
