Created
March 31, 2017 03:13
-
-
Save jeffski/f1e70f7807732070360c4ecac6a13679 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Assumes https://github.com/Spomky-Labs/jose library is installed and autoloading is set up | |
| * Decode and verify token guide: https://github.com/Spomky-Labs/jose/blob/master/doc/operation/Verify.md | |
| */ | |
| use Jose\Factory\JWKFactory; | |
| use Jose\Loader; | |
| // We load the key set from a URL | |
| // JSON Key URL (JKU) - https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json. | |
| // See: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-identity-user-pools-using-id-and-access-tokens-in-web-api | |
| $jku = 'https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_EPyUfpQq7/.well-known/jwks.json'; | |
| $jwk_set = JWKFactory::createFromJKU($jku); | |
| // We create our loader. | |
| $loader = new Loader(); | |
| // This is the token we want to load and verify. | |
| $token = 'JWT TOKEN FROM USER POOL'; | |
| // The signature is verified using our key set. | |
| if ($token) { | |
| try { | |
| $jws = $loader->loadAndVerifySignatureUsingKeySet( | |
| $token, | |
| $jwk_set, | |
| ['RS256'], | |
| $signature_index | |
| ); | |
| $valid = $jws->getPayload(); // contains the username, sub, expiry and other details for use in your application | |
| } catch (Exception $e) { | |
| $valid = $e->getMessage(); | |
| } | |
| } |
Where do you get
$signature_indexfrom?
$signature_index is a reference.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Where do you get
$signature_indexfrom?