Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

SitePoint PHP Blog:
PHP Authorization with JWT (JSON Web Tokens)
Jun 04, 2015 @ 09:51:17

On the SitePoint PHP blog today there's a tutorial posted showing you how to handle authorization with JWTs, JSON Web Tokens. These tokens provide a bit more context around the current session including things like when the token was issued and when it should time out.

If you like computer security topics, you will know that one of the most discussed and controversial topics is user authentication. Within its context, you will find a broad range of study areas, from new mechanisms to usability. It is, thus, to my surprise that JSON Web Tokens is a topic not often talked about, and I think it deserves to be in the spotlight today. We will see how easy it is to integrate it in an API authentication mechanism.

He starts with a comparison of JWTs and sessions, pointing out both similarities and differences between the two. He then gets into the official JWT specification (an approved RFC) that defines the structure and what a resulting JWT string looks like. He then moves on and shows how to integrate them with a current application via the php-jwt library. He helps you get the dependencies installed and sets up both the encoding and decoding methods. He integrates this with a simple frontend Javascript request to fetch content and push it into the page. This request verifies the JWT on receipt and returns 400 HTTP error codes if this fails.

tagged: tutorial jwt jsonwebtoken phpjwt authorization example resource

Link: http://www.sitepoint.com/php-authorization-jwt-json-web-tokens/