JWT Framework
Search…
Detached Payload
As per the RFC7519,the payload of a JWS may be detached. This framework supports this feature.

JWS Creation

There is not much difference between the creation of a JWS with or without detached payload. The following example comes from the JWS Creation page. There is only one argument that will change during the call of withPayload.
1
<?php
2
3
use Jose\Component\Core\AlgorithmManager;
4
use Jose\Component\Core\JWK;
5
use Jose\Component\Signature\Algorithm\HS256;
6
use Jose\Component\Signature\JWSBuilder;
7
8
// The algorithm manager with the HS256 algorithm.
9
$algorithmManager = new AlgorithmManager([
10
new HS256(),
11
]);
12
13
// Our key.
14
$jwk = new JWK([
15
'kty' => 'oct',
16
'k' => 'dzI6nbW4OcNF-AtfxGAmuyz7IpHRudBI0WgGjZWgaRJt6prBn3DARXgUR8NVwKhfL43QBIU2Un3AvCGCHRgY4TbEqhOi8-i98xxmCggNjde4oaW6wkJ2NgM3Ss9SOX9zS3lcVzdCMdum-RwVJ301kbin4UtGztuzJBeg5oVN00MGxjC2xWwyI0tgXVs-zJs5WlafCuGfX1HrVkIf5bvpE0MQCSjdJpSeVao6-RSTYDajZf7T88a2eVjeW31mMAg-jzAWfUrii61T_bYPJFOXW8kkRWoa1InLRdG6bKB9wQs9-VdXZP60Q4Yuj_WZ-lO7qV9AEFrUkkjpaDgZT86w2g',
17
]);
18
19
// We instantiate our JWS Builder.
20
$jwsBuilder = new JWSBuilder(
21
$algorithmManager
22
);
23
24
// The payload we want to sign
25
$payload = json_encode([
26
'iat' => time(),
27
'nbf' => time(),
28
'exp' => time() + 3600,
29
'iss' => 'My service',
30
'aud' => 'Your application',
31
]);
32
33
$jws = $jwsBuilder
34
->create() // We want to create a new JWS
35
->withPayload($payload, true) // /!\ Here is the change! We set the payload and we indicate it is detached
36
->addSignature($jwk, ['alg' => 'HS256']) // We add a signature with a simple protected header
37
->build();
Copied!
And voilà! When you will serialize this token, the payload will not be present.

JWS Loading

The loading of a signed token with a detached payload is as easy as when the payload is attached. The only difference is that you have to pass the payload to the JWS Verifier when you want to check the signature.
1
<?php
2
3
use Jose\Component\Core\AlgorithmManager;
4
use Jose\Component\Core\JWK;
5
use Jose\Component\Signature\Algorithm\HS256;
6
use Jose\Component\Signature\JWSVerifier;
7
use Jose\Component\Signature\Serializer\JWSSerializerManager;
8
use Jose\Component\Signature\Serializer\CompactSerializer;
9
10
// The algorithm manager with the HS256 algorithm.
11
$algorithmManager = new AlgorithmManager([
12
new HS256(),
13
]);
14
15
// Our key.
16
$jwk = new JWK([
17
'kty' => 'oct',
18
'k' => 'dzI6nbW4OcNF-AtfxGAmuyz7IpHRudBI0WgGjZWgaRJt6prBn3DARXgUR8NVwKhfL43QBIU2Un3AvCGCHRgY4TbEqhOi8-i98xxmCggNjde4oaW6wkJ2NgM3Ss9SOX9zS3lcVzdCMdum-RwVJ301kbin4UtGztuzJBeg5oVN00MGxjC2xWwyI0tgXVs-zJs5WlafCuGfX1HrVkIf5bvpE0MQCSjdJpSeVao6-RSTYDajZf7T88a2eVjeW31mMAg-jzAWfUrii61T_bYPJFOXW8kkRWoa1InLRdG6bKB9wQs9-VdXZP60Q4Yuj_WZ-lO7qV9AEFrUkkjpaDgZT86w2g',
19
]);
20
21
// The serializer manager. We only use the JWS Compact Serialization Mode.
22
$serializerManager = new JWSSerializerManager([
23
new CompactSerializer(),
24
]);
25
26
// We instantiate our JWS Verifier.
27
$jwsVerifier = new JWSVerifier($algorithmManager);
28
29
// The detached payload
30
$payload = '{"iat":1507896992,"nbf":1507896992,"exp":1507900592,"iss":"My service","aud":"Your application"}';
31
32
// The input we want to check
33
$token = 'eyJhbGciOiJIUzI1NiJ9..eycp9PTdgO4WA-68-AMoHPwsKDr68NhjIQKz4lUkiI0';
34
35
// We try to load the token.
36
$jws = $serializerManager->unserialize($token);
37
38
// We verify the signature.
39
// /!\ The third argument is the detached payload.
40
$jwsVerifier->verifyWithKey($jws, $jwk, $payload);
Copied!
Last modified 2yr ago
Copy link