Create and Verify JWTs in PHP with OAuth 2.0

Learn how to create and verify JWTs in PHP and how to use them with OAuth 2.0

Hasan Teoman Tıngır

Signatures don’t match with each other.

Rizwan Abbasi

Same is the case with me. It says "The signature is NOT valid"
Any idea what went wrong?


I just ran through the code from scratch and it worked fine. Double check that you’ve defined a secret in the .env file, and that you’ve copied the code exactly as it is in this post.

Rizwan Abbasi

Thank you, working here as well.

Steeve Cordier

Works like a charm, thank you Krasimir Hristozov!
(I didn’t use vendor/autoload.php though, but I just need to encode a JWT token, not decode.)


I have this weird case where a JWT token is set by the app to the web-view, and the web-view communicates with a different server, not the one that generates the JWT token. So how can one validate on the web-view server that this token was generated by the app server itself?
Is it possible without making an additional cURL request to the app server to validate the token’s validity?
Or should the web-view’s server use the algorithm and secret to validate the signature of the token?
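The local check asked about above, verifying an HS256 signature with the shared algorithm and secret and no request to the issuing server, as an added example that is not part of the thread or the original article. Function names, the secret and the claims are constructed for illustration; note that any server holding an HS256 secret can also create tokens, not only verify them.

```php
<?php
// Plain PHP, no Composer. Secret and claims are constructed sample values.
function b64url_encode(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function b64url_decode(string $data) { // string, or false on malformed input
    $pad = (4 - strlen($data) % 4) % 4;
    return base64_decode(strtr($data, '-_', '+/') . str_repeat('=', $pad), true);
}

function sign_hs256(array $claims, string $secret): string {
    $h = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $p = b64url_encode(json_encode($claims));
    return "$h.$p." . b64url_encode(hash_hmac('sha256', "$h.$p", $secret, true));
}

// Returns the claims if the token is valid, null otherwise.
function verify_hs256(string $jwt, string $secret, ?int $now = null): ?array {
    $parts = explode('.', $jwt);
    if ($secret === '' || count($parts) !== 3) {
        return null; // an unset secret must never verify anything
    }
    [$h, $p, $s] = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    // Pin the algorithm; do not let the token's header choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $given = b64url_decode($s);
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if ($given === false || !hash_equals($expected, $given)) {
        return null; // constant-time comparison of raw signature bytes
    }
    $claims = json_decode((string) b64url_decode($p), true);
    if (!is_array($claims) || !isset($claims['exp'])
        || (int) $claims['exp'] <= ($now ?? time())) {
        return null; // missing or expired "exp" claim
    }
    return $claims;
}

$secret = 'constructed-demo-secret';
$token  = sign_hs256(['sub' => 'user-1', 'exp' => time() + 60], $secret);
var_dump(verify_hs256($token, $secret) !== null);              // valid token
var_dump(verify_hs256($token, 'wrong-secret') === null);       // wrong secret
var_dump(verify_hs256($token, $secret, time() + 120) === null); // expired
```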



Kornelije Kovac

Damn, this is not plain PHP, but some Composer and Carbon. How do we use this in WordPress?


If it is useful for you, I’ve created a plain PHP version based on this article. It’s on GitHub:

Kornelije Kovac

Thanks, I will study this thoroughly.