Skip to content

Instantly share code, notes, and snippets.

Created March 31, 2017 03:13
Show Gist options
  • Save jeffski/f1e70f7807732070360c4ecac6a13679 to your computer and use it in GitHub Desktop.
Save jeffski/f1e70f7807732070360c4ecac6a13679 to your computer and use it in GitHub Desktop.
* Assumes library is installed and autoloading is set up
* Decode and verify token guide:
use Jose\Factory\JWKFactory;
use Jose\Loader;
// We load the key set from a URL
// JSON Key URL (JKU) - https://cognito-idp.{region}{userPoolId}/.well-known/jwks.json.
// See:
$jku = '';
$jwk_set = JWKFactory::createFromJKU($jku);
// We create our loader.
$loader = new Loader();
// This is the token we want to load and verify.
// The signature is verified using our key set.
if ($token) {
try {
$jws = $loader->loadAndVerifySignatureUsingKeySet(
$valid = $jws->getPayload(); // contains the username, sub, expiry and other details for use in your application
} catch (Exception $e) {
$valid = $e->getMessage();
Copy link

Where do you get $signature_index from?

$signature_index is a reference.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment