Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Possibility to extract the token before handling? #107

Open
derpoho opened this issue Mar 25, 2018 · 3 comments
Open

Possibility to extract the token before handling? #107

derpoho opened this issue Mar 25, 2018 · 3 comments
Labels

Comments

@derpoho
Copy link

derpoho commented Mar 25, 2018

Hey,

following Use Case:

  • tokens are very big due to some additional info.
  • for better user experience (will be shown as api keys) tokens would need to be shortened
  • idea is to either Md5, Base64 or custom encode the tokens to be shorter and to extract them before your lib handles/verifies them.

If have not seen any possibility in your code yet, did i miss anything?

Might be a small Usecase, but a setting with a callback function to modify the token before it is extracted might be nice.

Greets!

@tuupola
Copy link
Owner

tuupola commented Mar 25, 2018

Yep, big token size is a problem with JWT. For smaller token sizes you could use for example Branca tokens together with MessagePack payload. This is what I am using these days unless project spec specifically says the token must be a JWT. My use case is often the same as yours, API keys which contain some extra data.

https://github.com/tuupola/branca-php
https://github.com/tuupola/branca-middleware

I also wrote a blog post at some about shrinking the token size. Examples are in JavaScript but the same applies for PHP.

https://appelsiini.net/2017/branca-alternative-to-jwt/

@derpoho
Copy link
Author

derpoho commented Mar 25, 2018

I like what i see on Branca. ;) Will implement this on my current project.
Still, the callback before the token gets validated might make sense, doesn't it?

@tuupola
Copy link
Owner

tuupola commented Apr 3, 2018

For the above mentioned usecase md5 would not work since it is a hashing algorithm. It is one way only. You can make a hash from the token but you cannot make the token from the hash. Base64 also would not help since JWT already is Base64 encoded.

Did not test but. What might help is compressing the token with LZW or something similar and then Base64 encoding it. However now the token is not JWT anymore, it is something else.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

2 participants