Possibility to extract the token before handling?

[derpoho]

Hey,

following Use Case:

• tokens are very big due to some additional info.
• for better user experience (will be shown as api keys) tokens would need to be shortened
• idea is to either Md5, Base64 or custom encode the tokens to be shorter and to extract them before your lib handles/verifies them.

If have not seen any possibility in your code yet, did i miss anything?

Might be a small Usecase, but a setting with a callback function to modify the token before it is extracted might be nice.

Greets!

[tuupola]

Yep, big token size is a problem with JWT. For smaller token sizes you could use for example Branca tokens together with MessagePack payload. This is what I am using these days unless project spec specifically says the token must be a JWT. My use case is often the same as yours, API keys which contain some extra data.

https://github.com/tuupola/branca-php
https://github.com/tuupola/branca-middleware

I also wrote a blog post at some about shrinking the token size. Examples are in JavaScript but the same applies for PHP.

https://appelsiini.net/2017/branca-alternative-to-jwt/

[derpoho]

I like what i see on Branca. ;) Will implement this on my current project.
Still, the callback before the token gets validated might make sense, doesn't it?

[tuupola]

For the above mentioned usecase md5 would not work since it is a hashing algorithm. It is one way only. You can make a hash from the token but you cannot make the token from the hash. Base64 also would not help since JWT already is Base64 encoded.

Did not test but. What might help is compressing the token with LZW or something similar and then Base64 encoding it. However now the token is not JWT anymore, it is something else.