php-crud-api: Authentication failed for 'JWT'

Hello

I'm trying to get the Auth0 authentication to work, but I'm stuck with a 1012 code "Authentication failed for 'JWT'". I've read and tried several solutions from the docs, #670, #639 … I'm still getting the same error in the vanilla.html file: just the certificate, with/without the \n, just one kid or two…

Please help me, and thanks again to the community.

/vanilla.html

var authUrl = 'https://dev-w518***iff11wc6k.us.auth0.com/authorize'; // url of auth0 '/authorize' end-point
var clientId = 'smpc49***deJiv7I7wxelO3o8IoMuY6m'; // client id as defined in auth0
var audience = 'https://davi***81.sg-host.com/api.php/records/'; // api audience as defined in auth0
var url = '/api.php/records/league?filter=sport_id,eq,3';

/api.php

$config = new Config([
        // 'driver' => 'mysql',
        // 'address' => 'localhost',
        // 'port' => '3306',
        'username' => 'uagpshz8ovhzf',
        'password' => '*****',
        'database' => 'dbiwqxn***ytb6',
        'middlewares' => 'cors,xsrf,sanitation,authorization,jwtAuth',
        'cors.allowedOrigins' => '*',
        'cors.allowHeaders' => 'X-Authorization',
        'jwtAuth.secrets' => 'kmjmykJW***ZQrXyY4z-4:-----BEGIN CERTIFICATE----\nMIIDHTCCAgWgAwIBAgIJWMc6cFBrTbAfMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTAeFw0yMzA2MjMwOTQ5MjZaFw0zNzAzMDEwOTQ5MjZaMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQE***\n-----END CERTIFICATE-----\n'
        
        /*
        ,LXzmXvnjX3***ekrXJhL6:-----BEGIN CERTIFICATE----\nMIIDHTCCAgWgAwIBAgIJBN5SzkdfETvIMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTAeFw0yMzA2MjMwOTQ5MjdaFw0zNzAzMDEwOTQ5MjdaMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJo5cqnJQTFxxtwSyclqpoXfjRLVXyYhEqI9TysAz2kKvAr9SFWWIRTVCl0Tun61vSKo9nA8VJCI2For1lLv/gwyd2UgVKukC3K/j2LJnakR3WOL8dEgM2DAPkQnt1pzhwKDjNkpMwHPBGeumpLr/Sxf6xIBJjOIQyX/ypnBDqnhGn1xjXWOiV***\n-----END CERTIFICATE-----\n'
        */
        
        /*
        'jwtAuth.secrets' => '-----BEGIN CERTIFICATE-----MIIDHTCCAgWgAwIBAgIJWMc6cFBrTbAfMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTAeFw0yMzA2MjMwOTQ5MjZaFw0zNzAzMDEwOTQ5MjZaMCwxKjAoBgNVBAMTIWRldi13NTE4bzh3aWZmMTF3YzZrLnVzLmF1dGgwLmNvbTCCASIwDQYJKoZ***-----END CERTIFICATE-----'
        */
        
        /*,
        'authorization.tableHandler' => function ($operation, $tableName) {
            return $tableName != 'league';
        }*/
        
        // 'debug' => false
    ]);

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 18 (1 by maintainers)

Most upvoted comments

You could debug yourself through the JwtAuthMiddleware class in the api.php, specifically the getVerifiedClaims function. Check with a debugger or debug statements the correct values of the function parameters and follow the API's flow through the function until you reach a point where the function "fails" and returns an empty array. That should give you a clue on which specific step the token is invalid.

You cannot change the algorithm on the receiver (PHP-Crud-API). Here it looks like you can set the algorithm in the Auth0 settings (sender). PHP-Crud-API simply checks the algorithm defined in the header part of the JWT and uses this algorithm for verification.

I would head over to https://jwt.io/ and do a dry run outside of PHP-Crud-API. Paste your sample data there and check whether you can successfully verify a JWT there. If you get it working, use this information to correct your settings/secrets in PHP-Crud-API. This website does the verification on the client side, but if you want to be extra safe, use another Auth0 application/secrets. Also, pay attention to the selection of the algorithm in both Auth0 and the website so that they match.

I’ll take a look at our code at work tomorrow, but if I remember correctly, we are using the HS256 algorithm.

Yes, that means 'all'.

Correct.

Unfortunately, I can only give you theoretical guidance, because I neither have access to the secret nor have I used Auth0. But we did manually create JWTs with our own identity provider, so I also had to go through this debug mess until I found our issue; it was solvable in the end and is working like a charm now.

Given your debug log, you see at the last line that the getClaims function returns an empty array, which means "no resolvable claims", which in turn means that the authentication failed. getClaims calls getVerifiedClaims under the hood, so try to add some more debug statements at different spots inside the getVerifiedClaims function to further nail down which of the early-return conditions is fulfilled and returns the empty array before the actual "successful" end of the method is reached.

Once you find out which conditional leads to an early return, you also know what is the reason for your authentication failure.
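Added example (not from the thread above and not php-crud-api's own code): a Python dry run that walks the verification steps in the order a middleware such as getVerifiedClaims performs them and names the first step that rejects the token, so the "find the early return" debugging suggested above can be done offline instead of by pasting secrets into a website. As the comments say, the algorithm is read from the token header; the verifier's job is then to accept only an explicit allow-list (so alg "none" is refused), select the secret by kid from a comma-separated "kid:secret" string shaped like the posted jwtAuth.secrets value (the parsing rules, and the fallback to a single configured secret when the kid does not match, are assumptions), and check exp, nbf and aud. Signature verification is implemented for the HMAC algorithms only, because RS256 would need an RSA library; a separate check_pem() inspects a configured certificate's framing and flags literal backslash-n sequences (PHP single-quoted strings do not turn \n into a newline) and BEGIN/END lines that do not have exactly five dashes. The secrets, audience and claims are constructed sample data.

```python
"""Offline dry run of the checks a JWT-verifying middleware makes, reporting
the first step that rejects a token.  Constructed example; not php-crud-api
code and not a copy of its logic."""
import base64
import binascii
import hashlib
import hmac
import json
import time

# The alg field comes from the unverified token header, so the verifier must
# restrict it to an allow-list: 'none' and unexpected algorithms are refused.
# Only HMAC algorithms are verifiable here without an RSA library.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def parse_secrets(config: str) -> dict:
    """Split 'kid:secret,kid2:secret2' into {kid: secret}; an entry without a
    'kid:' prefix is stored under the empty kid.  This is the shape of the
    posted jwtAuth.secrets value; the exact parsing rules are an assumption."""
    secrets = {}
    for entry in filter(None, (e.strip() for e in config.split(","))):
        kid, sep, secret = entry.partition(":")
        secrets[kid if sep else ""] = secret if sep else kid
    return secrets


def check_pem(pem: str) -> list:
    """Sanity-check a configured PEM certificate; returns a list of problems."""
    problems = []
    if "\\n" in pem:
        # PHP keeps '\n' as two literal characters inside single quotes; only
        # double-quoted strings turn it into a newline.
        problems.append("contains a literal backslash-n instead of a newline")
    lines = [ln.strip() for ln in pem.replace("\\n", "\n").splitlines() if ln.strip()]
    if not lines or lines[0] != "-----BEGIN CERTIFICATE-----":
        problems.append("first line is not '-----BEGIN CERTIFICATE-----' (five dashes each side)")
    if len(lines) < 2 or lines[-1] != "-----END CERTIFICATE-----":
        problems.append("last line is not '-----END CERTIFICATE-----'")
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
        if not der or der[0] != 0x30:  # an X.509 certificate is a DER SEQUENCE
            problems.append("body does not decode to a DER SEQUENCE")
    except (binascii.Error, ValueError):
        problems.append("body is not valid base64")
    return problems


def verify_jwt(token: str, secrets: dict, audience: str, now=None):
    """Walk the verification steps in order; return (claims, None) on success
    or ({}, reason) naming the first step that failed."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return {}, "token is not header.payload.signature"
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except (ValueError, binascii.Error):
        return {}, "header or payload is not base64url-encoded JSON"
    alg = header.get("alg")
    if alg not in HMAC_ALGS:
        return {}, f"alg {alg!r} not allowed (RS256 needs the certificate's RSA key, not handled here)"
    kid = header.get("kid", "")
    if kid not in secrets:
        if len(secrets) != 1:
            return {}, f"kid {kid!r} matches none of the configured kids {sorted(secrets)}"
        kid = next(iter(secrets))  # single configured secret: assumed to apply (assumption)
    signing_input = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(secrets[kid].encode(), signing_input, HMAC_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, signature):
        return {}, f"signature does not verify with the secret for kid {kid!r}"
    if "nbf" in claims and now < claims["nbf"]:
        return {}, "token not yet valid (nbf)"
    if "exp" in claims and now >= claims["exp"]:
        return {}, "token expired (exp)"
    aud = claims.get("aud", [])
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return {}, f"aud {aud!r} does not contain the expected audience {audience!r}"
    return claims, None


def sign_hs256(claims: dict, secret: str, kid: str) -> str:
    """Mint a test token so the verifier can be exercised offline."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    parts = [b64url_encode(json.dumps(obj, separators=(",", ":")).encode()) for obj in (header, claims)]
    sig = hmac.new(secret.encode(), ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])


if __name__ == "__main__":
    # Constructed sample data: two kid-prefixed HMAC secrets in the same
    # comma-separated layout as the posted config, and a made-up audience.
    secrets = parse_secrets("kid-a:secret-a,kid-b:secret-b")
    audience = "https://api.example.invalid/api.php/records/"
    token = sign_hs256({"aud": [audience], "exp": int(time.time()) + 300}, "secret-a", "kid-a")
    print(verify_jwt(token, secrets, audience))
    print(verify_jwt(token, parse_secrets("kid-b:secret-b"), audience))
    print(check_pem("-----BEGIN CERTIFICATE----\\nMAMCAQA=\\n-----END CERTIFICATE-----\\n"))
```

Each early return carries the reason, which is what the debug statements suggested above would reveal inside getVerifiedClaims. To use it against a real token, paste the token and the configured secrets string into the `__main__` block; for an RS256 token the run stops at the algorithm step by design, and the thing to check first is the output of check_pem() on each configured certificate.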