im usin the following php function to return the value of the 'uid' claim in the payload of a jwt:
function isLoggedIn($headers)
{
$ret = false;
if (!empty($headers['Authorization']))
{
$parts = explode('.', $headers['Authorization']);
echo base64_decode($parts[1]);
return 7; //currently set a 7 just function
}
}the string returned in
echo base64_decode($parts[1]);
has html tags included
<br />"iss": "www.thetenticle.com",<br />"iat": "1449405778",<br />"nbf": "1449405838",<br />"exp": "1449492238",<br />"uid": "batman"<br />}
i dont want this because i need to find out what is in the value of 'uid'. what am i doing wrong?
ps i know there is more to handling a jwt than this, but for now i just need to get the id of the logged in in user.
i essentially need an array of claims
</div>
From another answer on SO:
The problem is related to the fact that the base64 alphabet is not URL-safe. In this particular case, your base64-encoded string contains a +, which is interpreted as a space.
Code from php-jwt to safely decode the input:
public static function urlsafeB64Decode($input) {
$remainder = strlen($input) % 4;
if($remainder) {
$padlen = 4 - $remainder;
$input .= str_repeat('=', $padlen);
}
return base64_decode(strtr($input, '-_', '+/'));
}