Introduction
JSON Web Tokens (JWTs) are quickly becoming a great way of authorizing users to perform certain actions, but a lot can go wrong in the implementation. We are going to build a JWT lab that does not check whether the signature is valid, but first we give you an overview of what a JWT looks like.
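The token layout and the signature check this lab leaves out, shown side by side as an added example that is not part of the original page or of the roytuts source. The function names, the secret and the claims are constructed for illustration.

```php
<?php
// Added example, not the lab's code; all names and values here are constructed.
function b64url_encode(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function b64url_decode(string $data) {
    $padded = str_pad($data, strlen($data) + (4 - strlen($data) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true); // false on invalid input
}

// A JWT is header.payload.signature, each part base64url-encoded.
function sign_jwt(array $header, array $payload, string $secret): string {
    $input = b64url_encode(json_encode($header)) . '.' . b64url_encode(json_encode($payload));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $secret, true));
}

// Decodes the payload and never looks at the signature: the flaw the lab reproduces.
function read_claims_unverified(string $jwt) {
    $parts = explode('.', $jwt);
    return count($parts) === 3 ? json_decode((string) b64url_decode($parts[1]), true) : null;
}

// Recomputes the HMAC over "header.payload" and compares it in constant time
// before any claim is trusted.
function read_claims_verified(string $jwt, string $secret) {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $sig] = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    // The server pins the algorithm; the token does not get to choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $given = b64url_decode($sig);
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if ($given === false || !hash_equals($expected, $given)) {
        return null;
    }
    return json_decode((string) b64url_decode($p), true);
}

$secret = 'constructed-demo-secret';
$token = sign_jwt(['alg' => 'HS256', 'typ' => 'JWT'], ['sub' => 'rat', 'role' => 'user'], $secret);
// The same token with its payload re-encoded after signing; signature left as issued.
[$h, , $sig] = explode('.', $token);
$altered = $h . '.' . b64url_encode(json_encode(['sub' => 'rat', 'role' => 'admin'])) . '.' . $sig;

var_dump(read_claims_verified($token, $secret));
var_dump(read_claims_unverified($altered));
var_dump(read_claims_verified($altered, $secret));
```

The verified reader returns the claims for the issued token and null for the altered one, while the unverified reader returns the altered claims as if they were genuine.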
Make a connection
THE SERVER GETS ERASED EVERY 24 HOURS
- [ ] FTP connection: hackxpert.com
- [ ] User: Training
- [ ] Password: test
- [ ] Create a new file on the server
- [ ] Name it “nickname.php”, for example “rat.php”; the nickname can be anything, as long as you can copy and paste it
Let’s create a way of generating JWT tokens
Add the following code to your file:
(Source: https://roytuts.com/how-to-generate-and-validate-jwt-using-php-without-using-third-party-api/)
<?php
include('instructions.php');
function generate_jwt($headers, $payload, $secret = 'secret', $encoding = 'SHA256') {
$headers_encoded = base64url_encode(json_encode($headers));
$payload_encoded =…