Progress! Looks like you need to split out the three fields in there, separated by a dot ('.'), THEN you can base64 decode to get the field:
Explode access_token
Array
(
[0] => eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjA2YjBmMjUyYjM0ZWI2ZmYyZTc5MGM0MTUwYTk0MjY0MDM5MGQzYjE3YjU1YzY0NGE2MGFiODNjOWQzMjI3N2U4M2E4ODU4YzI5M2Y2ZjhkIn0
[1] => eyJhdWQiOiJkNDM1MWI4Mi1kOTJjLTVlZTMtMzAwOC01ZGUyZThhN2YwZjYiLCJqdGkiOiIwNmIwZjI1MmIzNGViNmZmMmU3OTBjNDE1MGE5NDI2NDAzOTBkM2IxN2I1NWM2NDRhNjBhYjgzYzlkMzIyNzdlODNhODg1OGMyOTNmNmY4ZCIsImlhdCI6MTU5NzU5MjI1OCwibmJmIjoxNTk3NTkyMjU4LCJleHAiOjE1OTc1OTU4NTgsInN1YiI6IiIsInNjb3BlcyI6W119
[2] => BxzLJEqdPVJgYpwIi8HmainFZ3xtmJLEfmiFDvqa_XIVXHoSRFd2xJLGqWGqrdBmqlwLSWkAW1Y5ewe9PVNdVwPp_UiYU0msnKTHMX2Egchd0XFgF0KU7-OUtp-L7itEs4lHI_ya5B2ZKIzn4xfE3d-EfKEo1HpTp8__PMMT88l_s0aaGDmdUFqpK1DQxRiTOdKXw7NjYTegF2eH6sxecj0tbRj3XUr921JmhjxqPu9piN5bg02ylsOLzO3C5ERZfUl1HjweDY8wgycvperpx6igBX2cKB_32WEk2DsWbrRZcuqK5ERdQjYOffRKHHI8v23hs-E6B1o1SkFQFMaPxw
)
base64_decode
{"typ":"JWT","alg":"RS256","jti":"06b0f252b34eb6ff2e790c4150a942640390d3b17b55c644a60ab83c9d32277e83a8858c293f6f8d"}Decoding bearer
stdClass Object
(
[typ] => JWT
[alg] => RS256
[jti] => 06b0f252b34eb6ff2e790c4150a942640390d3b17b55c644a60ab83c9d32277e83a8858c293f6f8d
)
JTI = 06b0f252b34eb6ff2e790c4150a942640390d3b17b55c644a60ab83c9d32277e83a8858c293f6f8d
NOTE: still unable to decrypt refresh token – not sure what I should be passing in – tried both the base64 version and the jti
Thoughts?
-dvd
PS: found this site that can decode the entire response, https://jwt.io/, and it verifies the signature using the public key, so I know the server is sending a valid token
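An added example (not code from the original post) of the split-and-decode step in PHP, extended to an RS256 signature check with the public key. The function names are hypothetical, and the sample token is constructed and signed with a throwaway key so the script runs offline.

```php
<?php
// JWT segments are base64url: '-' and '_' stand in for '+' and '/', and the
// '=' padding is dropped, so restore both before calling base64_decode().
function b64url_decode(string $seg): string
{
    $b64 = strtr($seg, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);        // strict mode rejects stray characters
    if ($raw === false) {
        throw new InvalidArgumentException('segment is not valid base64url');
    }
    return $raw;
}

function jwt_split(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('expected header.payload.signature');
    }
    [$h, $p, $s] = $parts;
    return [
        'header'    => json_decode(b64url_decode($h), false, 8, JSON_THROW_ON_ERROR),
        'payload'   => json_decode(b64url_decode($p), false, 8, JSON_THROW_ON_ERROR),
        'signature' => b64url_decode($s),    // raw signature bytes, not JSON
        'signed'    => "$h.$p",              // the exact bytes the signature covers
    ];
}

// RS256 check against the issuer's public key (PEM string supplied by the caller).
function jwt_verify_rs256(array $jwt, string $publicKeyPem): bool
{
    if (($jwt['header']->alg ?? null) !== 'RS256') {
        return false;                        // reject any other algorithm in the header
    }
    return openssl_verify($jwt['signed'], $jwt['signature'],
                          $publicKeyPem, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed sample: sign a token with a throwaway key, then read it back.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$enc = fn(string $b): string => rtrim(strtr(base64_encode($b), '+/', '-_'), '=');
$signed = $enc('{"typ":"JWT","alg":"RS256"}') . '.' . $enc('{"iat":1597592258,"exp":1597595858,"scopes":[]}');
openssl_sign($signed, $sig, $key, OPENSSL_ALGO_SHA256);
$jwt = jwt_split($signed . '.' . $enc($sig));
print_r($jwt['payload']);
var_dump(jwt_verify_rs256($jwt, openssl_pkey_get_details($key)['key']));
```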