search

PHP-Open-Source-Saver / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
MIT License
729 stars 113 forks source link

Generated token with custom claims & secret isn't encoded with the custom secret. #226

Open nargalzius opened 1 year ago

nargalzius commented 1 year ago

Subject of the issue

Generated token with custom claims & secret (via JWTAuth::getJWTProvider()->setSecret()) isn't encoded with the custom secret.

I have a method that will allow generation of custom JWTs for different sites (with different JWT secrets)

Here's the method, pretty simple and it used to work fine before I upgraded to Laravel 9

protected function createUserToken($user, $claims = null, $secret = null) {

        // GENERATE KEY WITH DIFFERENT JWT_SECRET
        if($secret) {
            JWTAuth::getJWTProvider()->setSecret($secret);
        }

        if($claims) {
            $factory = JWTFactory::customClaims($claims);

            $payload = $factory->make();

            return JWTAuth::encode($payload);
        }

        return JWTAuth::fromUser($user); 
    }

Your environment

Q A
Bug? yes
New Feature? no
Framework Laravel
Framework version 9
Package version 2
PHP version 8.2

Steps to reproduce

  1. Generate any token with a custom secret key (take note of the secret you've used)
  2. Validate said token on jwt.io against the custom secret (will fail)
  3. Validate said token again, but this time use the key on the site's .env (will succeed)

Expected behaviour

The token generated should be able to validate on jwt.io against the (custom) secret you provided.

Actual behaviour

The tokens being generated are still encoded with the site .env secret instead of the provided one.