dpjo15650 2015-12-13 14:47
浏览 54
已采纳

JWT解码包括不需要的html标签

im usin the following php function to return the value of the 'uid' claim in the payload of a jwt:

function isLoggedIn($headers)
    {
        $ret = false;
        if (!empty($headers['Authorization']))
                {
                  $parts = explode('.', $headers['Authorization']);
                  echo base64_decode($parts[1]);
                  return 7; //currently set a 7 just function 
                }
    }

the string returned in 

    echo base64_decode($parts[1]);

has html tags included

    <br />"iss": "www.thetenticle.com",<br />"iat": "1449405778",<br />"nbf": "1449405838",<br />"exp": "1449492238",<br />"uid": "batman"<br />}

i dont want this because i need to find out what is in the value of 'uid'. what am i doing wrong?

ps i know there is more to handling a jwt than this, but for now i just need to get the id of the logged in in user.

i essentially need an array of claims 

</div>
  • 写回答

1条回答 默认 最新

  • douyo770657 2016-03-07 11:51
    关注

    From another answer on SO:

    The problem is related to the fact that the base64 alphabet is not URL-safe. In this particular case, your base64-encoded string contains a +, which is interpreted as a space.

    Code from php-jwt to safely decode the input:

    public static function urlsafeB64Decode($input) {
    $remainder = strlen($input) % 4;
    if($remainder) {
        $padlen = 4 - $remainder;
        $input .= str_repeat('=', $padlen);
    }
    return base64_decode(strtr($input, '-_', '+/'));
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 基于卷积神经网络的声纹识别
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP