Open MathTV opened 1 year ago
Sorry for taking so long in getting back to you about this.
I'm not sure what error you're talking about. I haven't run into any error with any of my testing with embedq2.
I was just looking into it, and it looks like only the state
is intended to be encoded/decoded using $statesecret
. Line 39 is decoding the wrapping JWT, which contains the encoded state, but the wrapping JWT itself isn't meant to be encoded or decoded using $statesecret
. Instead, it's either encoded with no key (for practice use), or the JWT should include an auth
key (for more secure scenarios), in which case the JWT decode method automatically looks up the associated key during the decode process.
The $statesecret
is meant to be something only the site hosting embedq2 knows, while the JWT auth
key is a shared secret between the page hosting embedq2 and the page embedding it.
$statesecret is not passed to the decode method at line 39:
`
`
Adding $statesecret elliminates decode error:
`
`