dpjo15650 2015-12-13 14:47
浏览 54
已采纳

JWT解码包括不需要的html标签

im usin the following php function to return the value of the 'uid' claim in the payload of a jwt:

function isLoggedIn($headers)
    {
        $ret = false;
        if (!empty($headers['Authorization']))
                {
                  $parts = explode('.', $headers['Authorization']);
                  echo base64_decode($parts[1]);
                  return 7; //currently set a 7 just function 
                }
    }

the string returned in 

    echo base64_decode($parts[1]);

has html tags included

    <br />"iss": "www.thetenticle.com",<br />"iat": "1449405778",<br />"nbf": "1449405838",<br />"exp": "1449492238",<br />"uid": "batman"<br />}

i dont want this because i need to find out what is in the value of 'uid'. what am i doing wrong?

ps i know there is more to handling a jwt than this, but for now i just need to get the id of the logged in in user.

i essentially need an array of claims 

</div>
  • 写回答

1条回答 默认 最新

  • douyo770657 2016-03-07 11:51
    关注

    From another answer on SO:

    The problem is related to the fact that the base64 alphabet is not URL-safe. In this particular case, your base64-encoded string contains a +, which is interpreted as a space.

    Code from php-jwt to safely decode the input:

    public static function urlsafeB64Decode($input) {
    $remainder = strlen($input) % 4;
    if($remainder) {
        $padlen = 4 - $remainder;
        $input .= str_repeat('=', $padlen);
    }
    return base64_decode(strtr($input, '-_', '+/'));
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?