Decode WSO2 App Manager generated JWT in PHP Web App

In this post we are going to see how to decode the JWT token in a PHP app which is published through APP Manager.

Environment – Ubuntu
IDE – NetBeans
JWT library for php – firebase/php-jwt
Server – apache web server

1. Create PHP web app to decode the JWT token and display

1.1 Create a new PHP project in netbeans – Lets say JWTDecode

1.2 Add the  firebase/php-jwt library as dependency to the project

Install composer to ubuntu. (Find what is composer and how to use it here)
Add firebase/php-jwt library as dependency to project using composer.

a. Right click the project -> composer->add dependency


b. Type firebase/php-jwt in token text box and search. Select the firebase/php-jwt from
the search result. Select the latest release version and press require button


c. Once dependency is added project will look like this


1.3 Write code to decode and display jwt token. Add follwoing code to index.php

//for login
openlog("myScriptLog", LOG_PID | LOG_PERROR, LOG_LOCAL0);
//include firbase jwt library
use \Firebase\JWT\JWT;
//public key of appmanager(default wso2cabon servers public key)
$publicKey = "-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----

$headers = getallheaders();
//Read jwt token from http header X-JWT-Assertion;
$encodedJwtToken = $headers['X-JWT-Assertion'];
echo "<b>encoded jwt token recevied from appamanger</b>
echo $encodedJwtToken."";

//decode the token with signature verification.
$decodedJwtToken = JWT::decode($encodedJwtToken, $publicKey, array('RS256'));
echo "<b>decoded jwt token payload :</b>"."

foreach($decodedJwtToken as $key=>$val){
echo $key . ': ' . $val . '';


2. Deploy the created web app in apache web server
(How to install Apache webs server on Ubuntu can be found here)

2.1 Navigate to  /var/www/ directory and add the web app
2.2 Start the Apache server  with command “sudo /etc/init.d/apache2 start”. Now web app can be directly access with url : http://localhost/JWTDecode/

3. Publish the deployed web app through app manager  to decode and display the jwt token 

3.1 Publish the app through App Manager (give the create webapp url http://localhost/JWTDecode/ as web app url )


3.2  Go to the store find the created web app (jwt demo) and access the url http://xxxx:8280/jwt/1/.  As you can see in the image .,JWT sent from gateway to back-end app is processed(decoded) and displayed.

By default only role claim is sent to the back-end web app. If you want to send more claims of user  then you have to do following steps
a.  Set <AddClaimsSelectively> element value as ‘true’ in  <AppM_HOME>/repository/conf/app-manager.xml
b. Restart the App Manager server
c. Go to the edit view of created web app in publisher web app
d. Under advanced configuration select the claims which should be included in JWT


e. Update and access the web app .Now you will get selected claims in JWT



Download the sample php project here


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s