laeggan
(Lloyd)
May 2, 2020, 1:36am
1
Why doesn’t this work. In PHP 7.3
I get error: The Token’s Signature resulted invalid when verified using the Algorithm: HmacSHA256
<?php
define("API_KEY", "my API Key");
define ("API_SECRET", "my AOI Secret");
$header = '{"alg":"HS256","typ":"JWT"}';
$payload = '{"iss":"' . API_KEY . '","exp":' . (time() + 50) . '}';
$signature = hash_hmac("sha256", base64url_encode($header) . "." . base64url_encode($payload), API_SECRET, true);
$token = base64url_encode($header) . "." . base64url_encode($payload) . "." . $signature;
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.zoom.us/v2/users",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"authorization: Bearer " . $token,
"content-type: application/json"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
function base64url_encode($data)
{
// Encode $data to Base64 string
$b64 = base64_encode($data);
// Valid result? Otherwise, return FALSE, as the base64_encode() function does
if ($b64 === false) {
return false;
}
// Convert Base64 to Base64URL by replacing "+" with "-" and "/" with "_"
$url = strtr($b64, '+/', '-_');
// Remove padding character from the end of line and return the Base64URL result
return rtrim($url, '=');
}
function base64url_decode($data, $strict = false)
{
// Convert Base64URL to Base64 by replacing "-" with "+" and "_" with "/"
$b64 = strtr($data, '-_', '+/');
// Decode Base64 string and return the original data
return base64_decode($b64, $strict);
}
?>
samly
(Sam)
May 5, 2020, 4:44pm
2
In your call to hash_hmac, the last argument should be False
, not True
. Your code generates a proper JWT with that change:
laeggan:
Why doesn’t this work. In PHP 7.3
I get error: The Token’s Signature resulted invalid when verified using the Algorithm: HmacSHA256
<?php
define("API_KEY", "my API Key");
define ("API_SECRET", "my AOI Secret");
$header = '{"alg":"HS256","typ":"JWT"}';
$payload = '{"iss":"' . API_KEY . '","exp":' . (time() + 50) . '}';
$signature = hash_hmac("sha256", base64url_encode($header) . "." . base64url_encode($payload), API_SECRET, false);
$token = base64url_encode($header) . "." . base64url_encode($payload) . "." . $signature;
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.zoom.us/v2/users",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"authorization: Bearer " . $token,
"content-type: application/json"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
function base64url_encode($data)
{
// Encode $data to Base64 string
$b64 = base64_encode($data);
// Valid result? Otherwise, return FALSE, as the base64_encode() function does
if ($b64 === false) {
return false;
}
// Convert Base64 to Base64URL by replacing "+" with "-" and "/" with "_"
$url = strtr($b64, '+/', '-_');
// Remove padding character from the end of line and return the Base64URL result
return rtrim($url, '=');
}
function base64url_decode($data, $strict = false)
{
// Convert Base64URL to Base64 by replacing "-" with "+" and "_" with "/"
$b64 = strtr($data, '-_', '+/');
// Decode Base64 string and return the original data
return base64_decode($b64, $strict);
}
?>
1 Like
laeggan
(Lloyd)
May 6, 2020, 5:23pm
3
It did not work for me with false. I got the error I reported at the beginning of my post.
What works for me is to have true in the call to hash_hmac to get the signature, then base64url encode that when composing the token. I figured that out from reading the code in one of the jwt.io packages.
Lloyd
tommy
(Tommy Gaessler)
May 12, 2020, 5:53am
4
Hey @laeggan ,
Can you please private message me your JWT Key and I will take a look?
Thanks,
Tommy
laeggan
(Lloyd)
May 12, 2020, 9:08pm
5
Please don’t bother.
As I said, it now works fine for me.
Thanks.
1 Like
tommy
(Tommy Gaessler)
May 15, 2020, 10:24pm
6
Happy to hear it’s working!
-Tommy
skodali
(satish)
June 2, 2020, 2:07am
7
Hello Llyod,
I am running into the same issue that you initially experienced. Do you mind sharing the final version of the working code?
tommy
(Tommy Gaessler)
March 16, 2021, 9:59pm
8
If you are still having this issue, please create a new topic: #api-and-webhooks
Thanks,
Tommy