My first ever Stack Overflow Question - here it goes!
I've encoded a Firebase JWT token to authenticate a 'buyer' in my PHP Slim API. It encodes correctly and generates a JWT token in Postman,
but when I try to use the JWT for Bearer Authentication to access a group of protected routes in my routes.php file, I receive:
{ "status": "\"kid\" empty, unable to lookup correct key" }
Here's my generateJWT() function, in the Buyer.php class:

    public static function generateJWT($id)
    {
        $buyer = $buyer = self::findOrFail($id);
        if (!$buyer) {
            return false;
        }
        $key = self::JWT_KEY;
        $expiration = time() + self::JWT_EXPIRE;
        $issuer = 'Lab03_I425.com';
        $token = [
            'iss' => $issuer,
            'exp' => $expiration,
            'isa' => time(),
            'data' => [
                'uid' => $id,
                'name' => $buyer->username,
                'email' => $buyer->email
            ]
        ];
        return JWT::encode(
            $token,
            $key,
            'HS256',
        );
    }
And here's my validateJWT() function, also in the Buyer.php class:

    public static function validateJWT($token)
    {
        return JWT::decode($token, self::JWT_KEY, array('HS256'));
    }
I am aware there is a JWT parameter $kid that exists beyond the $payload, $key, $alg params, but I was under the impression it is not necessary to complete authentication. I'm new to using Slim, Tokens, and Web Services so any help would be greatly appreciated.
Here's the authJWT method in my BuyerController.php that is called in routes.php:

    public function authJWT(Request $request, Response $response)
    {
        $params = $request->getParsedBody();
        $username = $params['username'];
        $password = $params['user_password'];
        $authBuyer = Buyer::authenticateBuyer($username, $password);
        if ($authBuyer) {
            $status_code = 200;
            $jwt = Buyer::generateJWT($authBuyer->id);
            $results = [
                'status' => 'login successful',
                'jwt' => $jwt,
                'name' => $authBuyer->username
            ];
        } else {
            $status_code = 401;
            $results = [
                'status' => 'login failed',
            ];
        }
        //return $results;
        return $response->withJson($results, $status_code, JSON_PRETTY_PRINT);
    }
I looked in the vendor\firebase\php-jwt\src\JWT.php file and noticed:

    if (empty($kid)) {
        throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
    }

If I understand correctly, this value can be a string or null, and apparently mine is empty (a string of 0 length) if it's returning the above UnexpectedValueException().
Why is this? And how can I change this so my JWT middleware allows me to access my grouped routes?
Thank you in advance for your feedback and guidance.
Authorization
header correctly encoded. – Sucre
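
An added example, not part of the original question and not php-jwt's own source: how the library's `kid` lookup relates to the key argument passed to `JWT::decode()`, shown for a single pinned key and for a `kid`-indexed key map. It assumes a firebase/php-jwt release that ships `Firebase\JWT\Key`, installed via Composer; the secrets, key ids and issuer are constructed placeholders.

```php
<?php
// Added example, not the asker's code or php-jwt's own source.
// Assumes firebase/php-jwt with Firebase\JWT\Key, installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Constructed demo secrets and key ids (placeholders, not real keys).
const SECRET_OLD = 'constructed-demo-secret-old-0123456789abcdef';
const SECRET_NEW = 'constructed-demo-secret-new-0123456789abcdef';

function demoClaims(): array
{
    $now = time();
    return ['iss' => 'example.test', 'iat' => $now, 'exp' => $now + 300,
            'data' => ['uid' => 1]];
}

// Single-key service: wrapping the secret in Key pins the algorithm to the
// key, so decode() never needs a "kid" header to choose a key.
function verifySingle(string $jwt): stdClass
{
    return JWT::decode($jwt, new Key(SECRET_NEW, 'HS256'));
}

// Rotating keys: decode() receives a kid => Key map and selects the entry
// named by the token's "kid" header. A token without "kid" is rejected.
function verifyRotating(string $jwt): stdClass
{
    $keys = [
        'k-old' => new Key(SECRET_OLD, 'HS256'),
        'k-new' => new Key(SECRET_NEW, 'HS256'),
    ];
    return JWT::decode($jwt, $keys);
}

$plain  = JWT::encode(demoClaims(), SECRET_NEW, 'HS256');          // no kid
$tagged = JWT::encode(demoClaims(), SECRET_NEW, 'HS256', 'k-new'); // kid set

echo 'single key, no kid : uid ', verifySingle($plain)->data->uid, PHP_EOL;
echo 'key map, kid=k-new : uid ', verifyRotating($tagged)->data->uid, PHP_EOL;

try {
    verifyRotating($plain);   // key map supplied, but the token has no kid
} catch (UnexpectedValueException $e) {
    echo 'key map, no kid    : ', $e->getMessage(), PHP_EOL;
}
```

Binding the algorithm to each `Key` object means the verifier, not the token header, decides which algorithm a given key may be used with.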