Creating JSON Web Token in php for annotator.js

Question

I would like to install the (amazing) annotator.js script from www.annotateit.org. In order to have the annotations saved on their storage service, I need to "authenticate" using a JWT on my end. I need help on how to do this in php.

1) The website at http://docs.annotatorjs.org/en/latest/authentication.html explains what needs to be done in python, but my hosting service does not offer python support.

2) I found this https://github.com/firebase/php-jwt/blob/master/Authentication/JWT.php which apparently can allow me to create the JWT in php. I am not sure what to do with it though.

3) In order to activate the plugin, I need to add the following script which calls the token somehow:

$(body).annotator()
   .annotator('setupPlugins', {tokenUrl: 'http://example.com/api/token'});

4) I would love to know the specific steps I need to take to use the php script, use my public and secret key (which I obtained from the annotateit.org website), and thereby activate the plugin on my website.

If I can improve this question with more specifics, I'd be happy to do so if you let me know what other information you need to help me.

Answer 1

there is a very simple (and working) library that does everything you need, namshi/jose.

We wrote it and released it to the public months ago, and is the auth mechanism behind our architecture.

To use it it's a matter of 2 minutes:

$jws  = new JWS('RS256');
$jws->setPayload(array(
    'somedata' => $yourData,
));

$privateKey = openssl_pkey_get_private("file://path/to/private.key", 'YOUR_PASSPHRASE');
$jws->sign($privateKey)

$jws = $jws->getTokenString();

There you go, now you can do whatever you want with the jwt.

If you want some more details, I blogged about this a while ago.

Cheers!