JWT for Access Control

Here is an example of how you could use JavaScript and PHP to implement JWT-based access control:

  1. The client (JavaScript) sends a login request to the server (PHP) with a username and password.
  2. The server verifies the credentials and, if they are valid, generates a JWT whose payload carries the user’s information, signed with a secret key.
  3. The server sends the JWT back to the client.
  4. The client stores the JWT in a cookie or local storage and uses it to authenticate subsequent requests to the server.
  5. When the client makes a request to a protected resource, it sends the JWT in the Authorization header.
  6. The server (PHP) verifies the JWT using the secret key and grants or denies access to the protected resource based on the information contained in the JWT.

Here is some sample code that demonstrates how this could work in practice:

// Send login request to the server
async function login(username, password) {
  const response = await fetch('/login', {
    method: 'POST',
    body: JSON.stringify({ username, password }),
    headers: { 'Content-Type': 'application/json' },
  });
  const data = await response.json();
  if (data.success) {
    // Store JWT in a cookie or local storage
    localStorage.setItem('jwt', data.jwt);
  }
  return data;
}

// Make a request to a protected resource
async function getProtectedResource() {
  const response = await fetch('/protected-resource', {
    headers: {
      'Authorization': `Bearer ${localStorage.getItem('jwt')}`,
    },
  });
  const data = await response.json();
  console.log(data);
}

<?php

require __DIR__ . '/vendor/autoload.php'; // firebase/php-jwt installed via Composer

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Verify the JWT and grant or deny access to the protected resource.
// The secret is passed in explicitly: a plain function cannot see a global $secretKey.
function authenticate($jwt, $secretKey) {
  try {
    // Decode the JWT and check its signature with the secret key, pinning the
    // algorithm to HS256 (firebase/php-jwt 6.x form; 5.x used
    // JWT::decode($jwt, $secretKey, array('HS256')))
    $decoded = JWT::decode($jwt, new Key($secretKey, 'HS256'));
    // If the JWT is valid, return the user's information
    return $decoded->user;
  } catch (\Exception $e) {
    // If the JWT is invalid (bad signature, expired, malformed), return an error
    return array('error' => $e->getMessage());
  }
}

// Handle login request. The client above posts a JSON body, so read it from
// php://input; $_POST is only populated for form-encoded requests.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_SERVER['PATH_INFO'] ?? '') === '/login') {
  // Verify the username and password
  $body = json_decode(file_get_contents('php://input'), true) ?: array();
  $username = $body['username'] ?? '';
  $password = $body['password'] ?? '';
  if (verifyCredentials($username, $password)) {
    // If the credentials are valid, generate a JWT
    $payload = array(
      'user' => array(