So my web app requires JWT authentication and I decided to make a mockup wrapper class for php-jwt before implementing it into my web app:
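
    use Firebase\JWT\JWT;

    // PRIVATE_KEY is assumed to be defined elsewhere as the HMAC secret.
    class JWTWrapper {
        // Builds and signs a token. $notBefore is an offset from $issuedAt,
        // and $expire is an offset from the resulting "nbf" time.
        public function newToken($issuedAt, $notBefore, $expire, $server, $sessionData) {
            // random_bytes() replaces mcrypt_create_iv(), which was removed in PHP 7.2.
            $tokenId = base64_encode(random_bytes(32));
            $notBefore = $notBefore + $issuedAt;
            $expire = $expire + $notBefore;
            $data = [
                'iat' => $issuedAt,
                'jti' => $tokenId,
                'iss' => $server,
                'nbf' => $notBefore,
                'exp' => $expire,
                'data' => $sessionData
            ];
            $jwt = JWT::encode($data, PRIVATE_KEY, "HS512");
            return $jwt;
        }

        // Returns the decoded token, or false if it is missing or fails verification.
        public function getToken($jwt) {
            if ($jwt) {
                try {
                    // Only HS512 is accepted, whatever the token header claims.
                    $token = JWT::decode($jwt, PRIVATE_KEY, ["HS512"]);
                    return $token;
                } catch (Exception $e) {
                    return false;
                }
            } else {
                return false;
            }
        }

        // Returns only the 'data' claim, or false if the token is missing or invalid.
        public function getTokenData($jwt) {
            if ($jwt) {
                try {
                    $token = JWT::decode($jwt, PRIVATE_KEY, ["HS512"]);
                    return $token->data;
                } catch (Exception $e) {
                    return false;
                }
            } else {
                return false;
            }
        }
    }
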
I've been reading over articles about JWT vulnerabilities such as so I'm really paranoid I might have made some sort of catastrophic mistake like this (even though it's not apparent that I have...)