i am creating a jwt token ,i use secret key based on the platform which i am giving in my api request.Based on platforms in stored secret key in my config.now if i change platforms in my config then there should be an error while creating token as it will not get secret key but still its creating the token without secret key.
curl --location --request POST 'http://localhost/api/api/v1/atom/auth/createToken?key=d32121c70dda5edfgd1df6633fdb36c0&platform=M' \
--header 'Content-Type: application/json' \
--header 'Cookie: refresh=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjbGllbnRfaWQiOiJBWVFMWjVITVFHRFQ4OEw5T0RZSUNJSVY2SFlIMkMwWCIsInVzZXJuYW1lIjoiYmN1TTR3WHJPODUyQW9mbXc9PV9DIiwidXNlcl9pZCI6IjMiLCJwbGF0Zm9ybSI6Ik0iLCJyZXF1ZXN0X3R5cGUiOiJyZWZyZXNoX3Rva2VuIiwiZXhwaXJlc19pbiI6MTY5NjQ3NzMxNn0.FVw5Skk29oyaS1jFj9TMvZFdvzFqHMYlUwVfgSE5zCc' \
--data-raw '{
"client_id":"AYQLZ5HMQGDT88L9ODYICIIV6HYH2C0X",
"username":"bcuM4wXrO852Aofmw==_C",
"user_id":"3",
"platform":"M"
}'
This is my token creation api, I am creating token for platform M which i passed in params.
$config['oauth_client_details'] = array(
'D_A' => array('access_token_api_url' => 'atom/auth/createToken',
'client_id' => 'AYQLZ5HMQGDT88L9ODYICIIV6HYH2C0X',
'client_secret' => 'A@kamalshike@Tiwari&ayodhya!@#12987$%',
'auth_token_expiry_in' => 604800,
'refresh_token_expiry_in' => 1209600
))
This is my config as I am not having an config for platform M. I am getting blank secret key in my code.
$this->authClientDetails = \Registry::get('config.oauth_client_details')[$this->_request_data['platform']];
I am getting blank in this variable which I am passing in below code:
$encoded_access_token = $this->jwtToken->encode($payload_data,$this->authClientDetails['client_secret'],'HS256');
Instead of giving me an error it's creating a token, I read the code which written in my JWT library. There is nothing in that code which says that $key is optional parameter.
How will i solve this?