
Decode WSO2 App Manager generated JWT in PHP Web App

In this post we will see how to decode the JWT in a PHP app that is published through WSO2 App Manager.

Environment – Ubuntu
IDE – NetBeans
JWT library for PHP – firebase/php-jwt
Server – Apache web server

1. Create a PHP web app to decode and display the JWT

1.1 Create a new PHP project in NetBeans, say JWTDecode

1.2 Add the firebase/php-jwt library as a dependency to the project

Install Composer on Ubuntu. (Find out what Composer is and how to use it here)
Add the firebase/php-jwt library as a dependency to the project using Composer.

a. Right-click the project -> Composer -> Add Dependency

[Image: composer-add-dependancy1]

b. Type firebase/php-jwt in the token text box and search. Select firebase/php-jwt from the search results, select the latest release version and press the Require button.

[Image: composer-add-dependancy2]

c. Once the dependency is added, the project will look like this

[Image: composer-add-dependancy3]

1.3 Write the code to decode and display the JWT. Add the following code to index.php


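<?php
// for logging
openlog("myScriptLog", LOG_PID | LOG_PERROR, LOG_LOCAL0);
// include the firebase/php-jwt library
require_once('vendor/autoload.php');
use \Firebase\JWT\JWT;
// public key of App Manager (the default wso2carbon server's public key);
// this default key pair ships with the product, so use your own keystore's key in production
$publicKey = "-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzO
M4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe
0hseUdN5HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXn
RS4HrKGJTzxaCcU7OQIDAQAB
-----END PUBLIC KEY-----
";

$headers = getallheaders();
// Read the JWT from the HTTP header X-JWT-Assertion
if (!isset($headers['X-JWT-Assertion'])) {
    http_response_code(400);
    exit('X-JWT-Assertion header not found');
}
$encodedJwtToken = $headers['X-JWT-Assertion'];
echo "<b>encoded jwt token received from App Manager</b><br/>";
// escape before echoing: the header value is untrusted input
echo htmlspecialchars($encodedJwtToken) . "<br/>";

// Decode the token with signature verification; only RS256 is accepted.
// firebase/php-jwt 6.x and later takes a Key object instead of the array:
// JWT::decode($encodedJwtToken, new \Firebase\JWT\Key($publicKey, 'RS256'))
try {
    $decodedJwtToken = JWT::decode($encodedJwtToken, $publicKey, array('RS256'));
} catch (\Exception $e) {
    // malformed token, wrong algorithm or bad signature
    syslog(LOG_WARNING, 'JWT rejected: ' . $e->getMessage());
    http_response_code(401);
    exit('Invalid JWT');
}
echo "<b>decoded jwt token payload :</b><br/>";

foreach ($decodedJwtToken as $key => $val) {
    // claims can be non-scalar; serialise those before escaping
    $val = is_scalar($val) ? (string) $val : json_encode($val);
    echo htmlspecialchars($key) . ': ' . htmlspecialchars($val) . '<br/>';
}

?>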
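
What the "decode with signature verification" step amounts to for RS256, written out by hand as an added example; it is not code from the original post or from firebase/php-jwt. It assumes PHP 7.1+ with the openssl extension, and the helper names, the throwaway key pair and the claims are all constructed for the demonstration.

```php
<?php
// Added illustration: the check that RS256 verification performs, by hand.
// Needs the openssl extension; helper names, keys and claims are constructed.
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64url_decode(string $s) {   // returns string, or false on bad input
    $s = strtr($s, '-_', '+/');
    return base64_decode($s . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}

// Returns the claims as an array, or null when the token must be rejected.
function verify_rs256(string $jwt, string $publicKeyPem): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h64, $p64, $s64] = $parts;
    $header = json_decode((string) b64url_decode($h64), true);
    // Pin the algorithm on the server side; the token's header only has to match.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') return null;
    $sig = b64url_decode($s64);
    if ($sig === false || $sig === '') return null;
    // The signature covers the ASCII bytes "<header>.<payload>" exactly as sent.
    if (openssl_verify("$h64.$p64", $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    $claims = json_decode((string) b64url_decode($p64), true);
    return is_array($claims) ? $claims : null;
}

// Constructed demo: a throwaway RSA key pair stands in for the gateway's key.
$priv = openssl_pkey_new(['private_key_bits' => 2048,
                          'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($priv)['key'];
$h = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
$p = b64url_encode(json_encode(['sub' => 'alice', 'role' => 'subscriber']));
openssl_sign("$h.$p", $sig, $priv, OPENSSL_ALGO_SHA256);
$s = b64url_encode($sig);

// One token that must verify and three that must not.
$cases = [
    'genuine token'            => "$h.$p.$s",
    'payload differs from signed one' =>
        $h . '.' . b64url_encode(json_encode(['sub' => 'alice', 'role' => 'admin'])) . ".$s",
    'header names another alg' => b64url_encode(json_encode(['alg' => 'HS256'])) . ".$p.$s",
    'not three segments'       => 'not-a-jwt',
];
foreach ($cases as $label => $token) {
    $claims = verify_rs256($token, $pub);
    echo $label, ': ', $claims === null ? 'rejected' : 'accepted ' . json_encode($claims), PHP_EOL;
}
```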

2. Deploy the created web app in the Apache web server
(How to install the Apache web server on Ubuntu can be found here)

2.1 Navigate to the /var/www/ directory and add the web app
2.2 Start the Apache server with the command "sudo /etc/init.d/apache2 start". The web app can now be accessed directly at the URL http://localhost/JWTDecode/

3. Publish the deployed web app through App Manager to decode and display the JWT

3.1 Publish the app through App Manager (give the created web app's URL, http://localhost/JWTDecode/, as the web app URL)

[Image: create-jwt-webapp1]

3.2 Go to the store, find the created web app (jwt demo) and access the URL http://xxxx:8280/jwt/1/. As you can see in the image, the JWT sent from the gateway to the back-end app is processed (decoded) and displayed.

[Image: default-jwt-claim]

By default only the role claim is sent to the back-end web app. If you want to send more of the user's claims, follow these steps:
a. Set the <AddClaimsSelectively> element value to 'true' in <AppM_HOME>/repository/conf/app-manager.xml
b. Restart the App Manager server
c. Go to the edit view of the created web app in the publisher web app
d. Under advanced configuration, select the claims that should be included in the JWT

[Image: create-jwt-webapp2]

e. Update and access the web app. You will now get the selected claims in the JWT

[Image: selective-claim]

 

Download the sample PHP project here