Session token verification issue

dmogil
New Member

Hi guys, I have a PHP code:

$jwtArr = array_combine(['header', 'payload', 'signature'], explode('.', explode(" ", $_SERVER['HTTP_AUTHORIZATION'])[1]));
$calculatedHash = hash("sha256", $jwtArr['header'] . '.' . $jwtArr['payload']); //hashing two joined arguments
$calculatedHash = hash_hmac('sha256', $calculatedHash, SECRET_KEY, true); //hmac the result
$calculatedHash = base64_encode($calculatedHash); //base64 encode

echo $calculatedHash . PHP_EOL; //result
echo $jwtArr['signature']; //signature from the session token

It's been written based on these instructions: https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens#verify-the-signature

But the result is never the same as the signature, and I can't figure out what I am doing wrong. Please help!
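
For reference, a standard HS256 JWT signature check in PHP, as an added example that is not code from any poster in this thread: one HMAC-SHA256 over "header.payload" keyed with the secret, base64url-encoded without padding and compared in constant time, followed by the exp/nbf checks. The function names, the secret and the demo token are constructed for illustration.

```php
<?php
// Added example; the secret and token below are constructed.
function b64url_encode(string $raw): string
{
    // JWT segments are base64url without "=" padding, not plain base64.
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $text): string
{
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// Returns the claims array for a valid token, or null otherwise.
function verify_session_token(string $jwt, string $secret, int $now): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$header, $payload, $signature] = $parts;

    $head = json_decode(b64url_decode($header), true);
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') {
        return null; // accept only the expected algorithm
    }

    // One HMAC-SHA256 over "header.payload", keyed with the secret.
    // There is no separate hash() pass before the HMAC.
    $mac = hash_hmac('sha256', $header . '.' . $payload, $secret, true);
    if (!hash_equals(b64url_encode($mac), $signature)) {
        return null;
    }

    $claims = json_decode(b64url_decode($payload), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) <= $now || ($claims['nbf'] ?? 0) > $now) {
        return null; // expired or not yet valid
    }
    return $claims;
}

// Constructed demo token, signed with a constructed secret.
$secret = 'constructed-demo-secret';
$h = b64url_encode('{"alg":"HS256","typ":"JWT"}');
$p = b64url_encode(json_encode(['exp' => 2000, 'nbf' => 1000]));
$token = $h . '.' . $p . '.' . b64url_encode(hash_hmac('sha256', $h . '.' . $p, $secret, true));
var_dump(verify_session_token($token, $secret, 1500));       // correctly signed
var_dump(verify_session_token($token . 'A', $secret, 1500)); // signature altered
```

Outside the demo, pass time() as $now.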

Replies 13 (13)
priyankatotalav
New Member

Hi @dmogil,

I followed your instructions and generated the JWT in the promiseResult. How will I extract the token from the promiseResult?

const getSessionToken = AppBridgeUtil.getSessionToken;
 let sessionToken = getSessionToken(app).then(res=>sessionToken=res);   
console.log(sessionToken);

I have pasted below the console.log(sessionToken) result.

Promise {<pending>}
[[Prototype]]: Promise
[[PromiseState]]: "fulfilled"
[[PromiseResult]]: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczpcL1wvbW9kYXBwc3Rlc3RzdG9yZS5teXNob3BpZnkuY29tXC9hZG1pbiIsImRlc3QiOiJodHRwczpcL1wvbW9kYXBwc3Rlc3RzdG9yZS5teXNob3BpZnkuY29tIiwiYXVkIjoiMDdiZjZmODFlMWIyZjZmMWRiZDQ3OTA0MWVjMjhkOTMiLCJzdWIiOiI0NjUzOTQ0MDI2MSIsImV4cCI6MTYzNDczNTEyMCwibmJmIjoxNjM0NzM1MDYwLCJpYXQiOjE2MzQ3MzUwNjAsImp0aSI6ImQzMjU1NDAxLWY0YjQtNGE2MC04M2FlLWI1NzlhZThiZjhiZSIsInNpZCI6ImFkYzk3YjhlNTY1YmVkODA4NmIxMjA2OGExZTVlNGU4NjQxZWQzZDMxMWZlZTE4YzI1NTVhODI2NjU2OTk5YzMifQ.r-aS0IUSS5w91b_00dqteSt2SFNWzcpZVJgWs886Oi4"
ParanoidAndroid
Tourist
getSessionToken(app)
  .then((token) => {
    console.log(token);
  });

priyankatotalav
New Member

Yeah, I used console.log to get the token alone.

How do I pass this token to my PHP?

priyankatotalav
New Member

@dmogil @ParanoidAndroid You mentioned adding this block to pass the session token in headers.

My code looks like this:

let sessionToken = getSessionToken(app)
  .then((res) => sessionToken = res);
let opts = {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer: " + sessionToken
  }
};

Where do I check for the headers in my front end?