## 1. 引入php-jwt包 composer require firebase/php-jwt ## 2. 生成token ``` //生成token public function createJwt($userId = 'zq') { $key = md5('zq8876!@!'); //jwt的簽發密鑰，驗證token的時候需要用到 $time = time(); //簽發時間 $expire = $time + 14400; //過期時間 $token = array( "user_id" => $userId, "iss" => "http://www.najingquan.com/",//簽發組織 "aud" => "zhangqi", //簽發作者 "iat" => $time, "nbf" => $time, "exp" => $expire ); $jwt = JWTUtil::encode($token, $key); return $jwt; } ``` ## 3. 驗證token ``` //校驗jwt權限API public function verifyJwt($jwt = '') { $key = md5('zq8876!@!'); try { $jwtAuth = json_encode(JWTUtil::decode($jwt, $key, array('HS256'))); $authInfo = json_decode($jwtAuth, true); $msg = []; if (!empty($authInfo['user_id'])) { $msg = [ 'status' => 1001, 'msg' => 'Token驗證通過' ]; } else { $msg = [ 'status' => 1002, 'msg' => 'Token驗證不通過,用戶不存在' ]; } return $msg; } catch (\Firebase\JWT\ExpiredException $e) { echo json_encode([ 'status' => 1003, 'msg' => 'Token過期' ]); exit; } catch (\Exception $e) { echo json_encode([ 'status' => 1002, 'msg' => 'Token無效' ]); exit; } } ``` ## 4. 測試 生成token  驗證token