JWT Token Generator and Validator
Description
A complete class in PHP to generate and validate JSON Web Tokens (JWT) without external libraries. Useful for secure API authentication.
Code Snippet
class JWT {
private static $secret = 'your_secret_key';
public static function generate($payload) {
$header = base64_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
$payload = base64_encode(json_encode($payload));
$signature = hash_hmac('sha256', "$header.$payload", self::$secret, true);
$signature = base64_encode($signature);
return "$header.$payload.$signature";
}
public static function validate($token) {
$parts = explode('.', $token);
if (count($parts) !== 3) return false;
$signature = base64_encode(hash_hmac('sha256', "$parts[0].$parts[1]", self::$secret, true));
return hash_equals($signature, $parts[2]);
}
}
// Usage:
$token = JWT::generate(['user_id' => 42]);
$isValid = JWT::validate($token);