JWT Framework
v4.0
v4.0
  • Introduction
  • Introduction
    • Provided Features
    • Security Recommendations
    • The Framework
    • Pre-requisite
    • Contributing
  • The Components
    • Algorithm Management (JWA)
    • Key (JWK) and Key Set (JWKSet)
      • Key (JWK)
      • Key Set (JWKSet)
    • Header Checker
    • Claim Checker
    • Signed Tokens (JWS)
      • Signature Algorithms
      • JWS Creation
      • JWS Loading
    • Encrypted Tokens (JWE)
      • Encryption Algorithms
      • JWE Creation
      • JWE Loading
  • The Symfony Bundle
    • Symfony Bundle
    • Algorithm Management
    • Key and Key Set Management
      • Key Management (JWK)
      • Key Set Management (JWKSet)
    • Header and Claim Checker Management
    • Signed Tokens
      • JWS serializers
      • JWS creation
      • JWS verification
    • Encrypted Tokens
      • JWE serializers
      • JWE creation
      • JWE decryption
    • Configuration Helper
    • Events
  • Console Command
    • Console
    • Standalone Application
    • PHAR Application
    • Symfony Console
  • Advanced Topics
    • Nested Tokens
    • Serialization
    • Custom Algorithm
    • Signed tokens and
      • Unprotected Header
      • Multiple Signatures
      • Detached Payload
      • Unencoded Payload
    • Encrypted tokens and
      • Unprotected Headers
      • Multiple Recipients
      • Additional Authentication Data (AAD)
  • Benchmark
    • How To
    • Result table
  • Migration
    • From v1.x to v2.0
    • From v2.x to v3.0
    • From v3.x to v4.0
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Advanced Topics
  2. Signed tokens and

Unencoded Payload

PreviousDetached PayloadNextEncrypted tokens and

Was this helpful?

The allows the use of an unencoded payload for the signed tokens. This behaviour is interesting when your tokens have a detached payload and may reduce the token computation.

Please note that when the Compact Serialization mode is used, the characters of the payload must be limited to the following ASCII ranges:

  • From 0x20 to 0x2d

  • From 0x2f to 0x7e

This feature is built in the framework and is enabled when the b64 header parameter is set to false. As per the RFC, this header MUST be protected and also listed as a critical (crit) header parameter.

Example:

$jws = $jwsBuilder
    ->create()
    ->withPayload('Hello World!')
    ->addSignature($jwk, ['alg' => 'HS256', 'b64' => false, 'crit' => ['b64']])
    ->build();

As a remainder, both b64 and crit parameters MUST be in the protected header.

RFC7797