ModJWT: Working with JSON Web Token (JWT) on MODx

lokamaya · March 30, 2019, 6:35pm

Just developing JSON Web Token (JWT) extra for MODX. Please take a look at https://github.com/lokamaya/modJWT

Demo page: http://modx.lokamaya.com/index.php?id=2

Thanks
–zaenal

lkfranklin · March 30, 2019, 8:53pm

JWT for MODX is very interesting. It might be worth checking this too, though apparently its not production ready yet.

lokamaya · March 31, 2019, 12:32am

Although modJWT can be extended and used for session, but the main purpose of this extra is to provides basic mechanism for issuing or validating Token for restful API.

For example, if I have download files in different domain in the Cloud that need to be secured and protected, and I want to give access to MODx users in other server, this module serving this kind of stateless Token for security.

serverX-domainA: modx installation
serverY-domainB: videos, MP3s, documents, etc.

All files in serverY protected behind Auth-JWT mechanism, similar to Auth-Basic or Auth-Digest but using JWT.

To get those files, modJWT on serverX provides modx users a unique and one-time-use Token for each request to be able to login or pass Auth-JWT on serverY. The Token could be:

Stateless JSON Web Token, or
Stateful JSON Web Token

lokamaya · March 31, 2019, 12:38am

The list of Auth-JWT for web server can be found on jwt.io website

digitalpenguin · March 31, 2019, 1:27am

Very cool. I was just about to start building JWT into a custom app

camicase82 · August 13, 2020, 2:03pm

Hi, got to say your plugin rocks, it saved me lots of time, still missing one thing, where can I config the exp time for the token, I can see this in the code $this->config[‘expAge’] but im confused on where to set the expAge?

halftrainedharry · August 13, 2020, 3:49pm

Just add expAge as a property when you call the jwtEncode-snippet.

[[!jwtEncode? &expAge=`3600`]]

or

$token = $modx->runSnippet('jwtEncode', array('expAge'=>'3600'));

zurie · August 17, 2022, 6:12pm

I have been trying to get this to work for some time but I am missing a crucial step>

fresh install of Modx 2.8.4 or 3.0.1 Install your package…

Edit the JWT example page to return OnValidate and OnToken OnCustom (in the example page). When running the demo and creating a token it makes one… but validating never works. If i copy the created token and paste it in jwt.io it shows up valid and has my key… when I try to run a postman or even your demo it just never works… always get a

{
“_valid”: 0,
“status”: 400,
“statusText”: “Bad Request”,
“errorLog”: "Invalid Token: "
}

should this demo work out of the box? any tips you can offer? should this work with
Authorization Bearer {tokenhere} ?

any advice! thanks so much!

lokamaya · May 31, 2025, 6:36pm

if someone is having trouble getting and validating the JWT Token, try adding the following line to your .htaccess.

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

For security reasons, some admin intentionally stripped out the ‘Authorization’ header from http requests. This makes the JWT Token never reach MODX script.

lokamaya · May 31, 2025, 6:40pm

Hopefully I’ll have time to rewrite modJWT for MODX 3+.