JWT Framework
v1.x
v1.x
  • Introduction
  • Components
    • Algorithm Management (JWA)
    • Key (JWK) and Key Set (JWKSet)
      • Key Management (JWK)
      • Key Set Management (JWKSet)
    • Header Checker
    • Claim Checker
    • Signed Tokens (JWS)
      • Signature Algorithms
      • JWS Creation
      • JWS Loading
    • Encrypted Tokens (JWE)
      • Encryption Algorithms
      • JWE Creation
      • JWE Loading
  • Symfony Bundle
    • Algorithm Management
    • Key and Key Set Management
      • Key Management (JWK)
      • Key Set Management (JWKSet)
    • Header and Claim Checker Management
    • Signed Tokens
      • JWS serializers
      • JWS creation
      • JWS verification
    • Encrypted Tokens
      • JWE serializers
      • JWE creation
      • JWE decryption
    • Configuration Helper
  • Console
    • Standalone Application
    • Symfony Console
    • PHAR Application
  • Security Recommendations
  • Advanced Topics
    • Nested Tokens
    • Serialization
    • Custom Algorithm
    • Signed tokens and
      • Unprotected Header
      • Multiple Signatures
      • Detached Payload
      • Unencoded Payload
    • Encrypted tokens and
      • Unprotected Headers
      • Multiple Recipients
      • Additional Authentication Data (AAD)
  • Benchmarks
    • Result table
  • Migration
    • From spomky-labs/jose
      • Keys (JWK)
      • Key Sets (JWKSet)
      • Signed Tokens (JWS)
      • Encrypted Tokens (JWE)
      • Header Checking
      • Claim Checking
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Advanced Topics
  2. Signed tokens and

Unencoded Payload

PreviousDetached PayloadNextEncrypted tokens and

Last updated 7 years ago

Was this helpful?

The allows the use of an unencoded payload for the signed tokens. This behaviour is interesting when your tokens have a detached payload and may reduce the token computation.

Please note that when the Compact Serialization mode is used, the characters of the payload must be limited to the following ASCII ranges:

  • From 0x20 to 0x2d

  • From 0x2f to 0x7e

This feature is built in the framework and is enabled when the b64 header parameter is set to false. As per the RFC, this header MUST be protected and also listed as a critical (crit) header parameter.

Example:

$jws = $jwsBuilder
    ->create()
    ->withPayload('Hello World!')
    ->addSignature($jwk, ['alg' => 'HS256', 'b64' => false, 'crit' => ['b64']])
    ->build();

As a remainder, both b64 and crit parameters MUST be in the protected header.

RFC7797