search

tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.29k stars 1.54k forks source link

setSecret method for custom JWT key is not working #2234

Open nargalzius opened 11 months ago

nargalzius commented 11 months ago

JWTAuth::getJWTProvider()->setSecret() doesn't seem to be working

So I have a method that will allow generation of custom JWTs for different sites (with different JWT secrets)

Here's the method, pretty simple and it used to work fine before I upgraded to Laravel 9

protected function createUserToken($user, $claims = null, $secret = null) {

        // GENERATE KEY WITH DIFFERENT JWT_SECRET
        if($secret) {
            JWTAuth::getJWTProvider()->setSecret($secret);
        }

        if($claims) {
            $factory = JWTFactory::customClaims($claims);

            $payload = $factory->make();

            return JWTAuth::encode($payload);
        }

        return JWTAuth::fromUser($user); 
    }

Your environment

Q A
Bug? yes
New Feature? no
Framework Laravel
Framework version 9
Package version 2
PHP version 8.2

Steps to reproduce

  1. Generate any token with a custom secret key
  2. Validate said token on jwt.io, and you'll notice that it will not be validated with the custom key you provided (will fail)
  3. Validate said token again, but this time use the key on the site's .env (will succeed)

Expected behaviour

The token generated should be encoded with the custom key, and should be able to validate on jwt.io when you provide said custom key.

Actual behaviour

The tokens being generated are still using the site's key instead of the custom provided key through the setSecret() method

pcualmac commented 5 months ago

yes is same for me. Still an issues