JWT Issue?

Aarsan · August 18, 2024, 1:38am

i am creating interactive embedding full metabase in to my application .
My backend is laravel.
public function authenticateMetabase($request)
{
$user = $this->DEMO_USER;
$jwt = $this->signUserToken($user);
$returnTo = $request->query('return_to');
\Log::error('data'.json_encode($jwt));
return ["redirect",redirect()->away(config('metabase.url').'/auth/sso?jwt='.$jwt.'&return_to='.$returnTo)];
}

private function signUserToken($user)
{
    $key = config('metabase.secret_key');

    $payload= [
        "email" => $user['email'],
        "first_name" => $user['first_name'],
        "last_name" => $user['last_name'],
        "metabase_user_id" => $user['id'],
        'exp' => now()->addMinutes(10)->getTimestamp(),
        'iat' => now()->addMinutes(10)->getTimestamp(),
    ];

    return JWT::encode($payload, $key, 'HS256');
}

This is my code and i'm using firebase-php jwt package for CREATE JWT token.
But this way of JWT encode is not working to create a session. The response of the redirect message is
The error "Message seems corrupt or manipulated" indicates that Metabase is unable to validate the JWT token due to a signature issue. This likely happens because the signature on the token either doesn't match or is malformed.

Filmon · August 19, 2024, 5:22pm

Hey Aarsan,

Does the token that get generated and returned match the token same string if you were to go to https://jwt.io/ and use your the secret key?
I don't think it's related to the error you're getting but you may want to have your issued and expired timestamps different.

Thanks.