Creating and Verifying JWT Signatures in PHP using HS256 and RS256

JSON Web Tokens (JWTs) are widely used these days for authentication, whether as traditional session cookie tokens, API tokens or even OAuth 2.0 access tokens. The major benefit of JWTs is that the server doesn’t need to store session data in its own memory, a separate file, a database or a cache system (Redis, Memcached, etc.). The data is not “stored” anywhere, and we don’t have to read from or write to an external database or caching layer to fetch or store session information, which becomes a bigger problem at scale (distributed data with load balancers, etc.). In practice, though, in most cases you’ll end up taking an ID from the JWT (server-side) and querying the DB to get more information, or at least to validate it. So the last point (around scale) isn’t really a benefit in the long run, but it is still worth making for a small or medium-sized app that still has load balancers and multiple external databases and caching systems.


Adding Cross Origin Resource Sharing (CORS) Support In Your Laravel PHP Application

Adding Cross Origin Resource Sharing (CORS) support to your Laravel app is pretty straightforward, and in this article we’ll take a look at how to do that using Laravel middleware. If you’re reading this post then you already know about CORS, which is a solution for cross-origin XHR or Fetch requests. In case you want in-depth knowledge of this topic, read these:
