JWT token creation

samly · May 5, 2020, 4:44pm

In your call to hash_hmac, the last argument should be False, not True. Your code generates a proper JWT with that change:

laeggan:

Why doesn’t this work. In PHP 7.3
I get error: The Token’s Signature resulted invalid when verified using the Algorithm: HmacSHA256

<?php
      define("API_KEY", "my API Key");
      define ("API_SECRET", "my AOI Secret");
      $header = '{"alg":"HS256","typ":"JWT"}';
      $payload = '{"iss":"' . API_KEY . '","exp":' . (time() + 50) . '}';
      $signature = hash_hmac("sha256", base64url_encode($header) . "." . base64url_encode($payload), API_SECRET, false);
      $token = base64url_encode($header) . "." . base64url_encode($payload) . "." . $signature;
      
      $curl = curl_init();
      curl_setopt_array($curl, array(
      CURLOPT_URL => "https://api.zoom.us/v2/users",
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_ENCODING => "",
      CURLOPT_MAXREDIRS => 10,
      CURLOPT_TIMEOUT => 30,
      CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
      CURLOPT_CUSTOMREQUEST => "GET",
      CURLOPT_HTTPHEADER => array(
        "authorization: Bearer " . $token,
        "content-type: application/json"
        ),
      ));

    $response = curl_exec($curl);
    $err = curl_error($curl);

    curl_close($curl);

    if ($err) {
      echo "cURL Error #:" . $err;
    } else {
      echo $response;
    }
    function base64url_encode($data)
    {
      // Encode $data to Base64 string
      $b64 = base64_encode($data);

      // Valid result? Otherwise, return FALSE, as the base64_encode() function does
      if ($b64 === false) {
        return false;
      }

      // Convert Base64 to Base64URL by replacing "+" with "-" and "/" with "_"
      $url = strtr($b64, '+/', '-_');

      // Remove padding character from the end of line and return the Base64URL result
      return rtrim($url, '=');
    }
    function base64url_decode($data, $strict = false)
    {
      // Convert Base64URL to Base64 by replacing "-" with "+" and "_" with "/"
      $b64 = strtr($data, '-_', '+/');

      // Decode Base64 string and return the original data
      return base64_decode($b64, $strict);
    }
    ?>

Topic		Replies	Views
The Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256 php API and Webhooks	2	725	February 25, 2021
Error:Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256 Web	2	2528	January 28, 2021
The Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256 javascript API and Webhooks	2	725	February 8, 2021
When i use java application to get token （JWT） error API and Webhooks	10	1452	August 21, 2020
Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256 API and Webhooks	2	2323	September 2, 2021

JWT token creation

Related Topics