The RFC7797 allows the use of an unencoded payload for the signed tokens. This behaviour is interesting when your tokens have a detached payload and may reduce the token computation.
Please note that when the Compact Serialization mode is used, the characters of the payload must be limited to the following ASCII ranges:
This feature is built in the framework and is enabled when the
b64 header parameter is set to
As per the RFC, this header MUST be protected and also listed as a critical (
crit) header parameter.
$jws = $jwsBuilder ->create() ->withPayload('Hello World!') ->addSignature($jwk, ['alg' => 'HS256', 'b64' => false, 'crit' => ['b64']]) ->build();
As a remainder, both
crit parameters MUST be in the protected header.