Examples for validating AuthentiChip JWTs in PHP applications.
- PHP 7.4 or higher (PHP 8.x recommended)
- Composer for dependency management
Install the Firebase JWT library:
```bash
composer require firebase/php-jwt
```

- `validate_jwt.php` - Standalone JWT validation function
- `laravel_middleware.php` - Laravel middleware example
- `wordpress_plugin.php` - WordPress plugin integration example
```php
<?php
require 'vendor/autoload.php';
require 'validate_jwt.php';

// Get the JWT from the query string
$jwt = $_GET['vkjwt'] ?? null;

if ($jwt) {
    try {
        $chipId = validateAuthentiChipJWT($jwt);
        echo "Verified chip ID: " . htmlspecialchars((string) $chipId, ENT_QUOTES, 'UTF-8');
        // Use $chipId to look up item info, grant access, etc.
    } catch (Exception $e) {
        http_response_code(401);
        echo "Invalid chip: " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
} else {
    // Check for insecure/expired status
    $status = $_GET['vkstatus'] ?? null;
    $uid = $_GET['vkuid'] ?? null;

    if ($status === 'insecure' || $status === 'expired') {
        // Unverified scan - handle accordingly.
        // vkuid is unauthenticated query input, so escape it before echoing.
        $safeUid = is_string($uid) ? htmlspecialchars($uid, ENT_QUOTES, 'UTF-8') : '';
        echo "Unverified scan (status: $status, UID: $safeUid)";
    } else {
        echo "No authentication parameters provided";
    }
}
```

- Copy `laravel_middleware.php` to `app/Http/Middleware/ValidateAuthentiChip.php`
- Register the middleware in `app/Http/Kernel.php`
- Apply to routes:
```php
Route::get('/product/{id}', [ProductController::class, 'show'])
    ->middleware('authentichip');
```

- Access the chip ID in your controller:
```php
public function show(Request $request, $id)
{
    $chipId = $request->attributes->get('chip_id');

    // $chipId is null for unverified scans
    if ($chipId) {
        // Verified - show full details
    } else {
        // Unverified - limited info only
    }
}
```

- Copy `wordpress_plugin.php` to `wp-content/plugins/authentichip/`
- Activate the plugin in WordPress admin
- Use the action hook in your theme/plugin:
```php
add_action('authentichip_verified', function($chipId) {
    // Handle verified chip scan
    error_log("Verified chip: " . $chipId);
});

add_action('authentichip_unverified', function($uid, $status) {
    // Handle unverified scan
    error_log("Unverified scan - UID: $uid, Status: $status");
}, 10, 2);
```

- Always validate JWT signatures - never trust without verification
- Use HTTPS for your target URLs to prevent token interception
- Cache the JWKS response (1-24 hours) to reduce API calls
- Reject expired tokens (checked automatically by the library)
- Log failed validation attempts for security monitoring
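
One way to combine the JWKS caching and failure-logging points above, as an added example rather than the project's own `validate_jwt.php`. It assumes firebase/php-jwt 6.x and JWKS entries that carry an `alg` field; the JWKS URL and cache path are placeholders, and the function and constant names are hypothetical.

```php
<?php
require 'vendor/autoload.php';

use Firebase\JWT\ExpiredException;
use Firebase\JWT\JWK;
use Firebase\JWT\JWT;
use Firebase\JWT\SignatureInvalidException;

// Placeholder: substitute the JWKS URL given in your AuthentiChip documentation.
const EXAMPLE_JWKS_URL = 'https://jwks.example.invalid/jwks.json';
// Hypothetical cache path; keep it outside the web root and writable only by PHP.
const EXAMPLE_JWKS_CACHE = __DIR__ . '/cache/authentichip_jwks.json';
const EXAMPLE_JWKS_TTL = 3600; // seconds; low end of the 1-24 hour range

function exampleLoadJwks(): array
{
    $fresh = is_file(EXAMPLE_JWKS_CACHE)
        && time() - filemtime(EXAMPLE_JWKS_CACHE) < EXAMPLE_JWKS_TTL;
    $raw = $fresh ? file_get_contents(EXAMPLE_JWKS_CACHE) : @file_get_contents(EXAMPLE_JWKS_URL);
    $jwks = is_string($raw) ? json_decode($raw, true) : null;
    if (!is_array($jwks) || empty($jwks['keys'])) {
        throw new RuntimeException('JWKS unavailable or malformed'); // fail closed
    }
    if (!$fresh) {
        // Cache only a response that decoded to a key set.
        file_put_contents(EXAMPLE_JWKS_CACHE, $raw, LOCK_EX);
    }
    return $jwks;
}

function exampleDecodeChipJwt(string $jwt): array
{
    try {
        // decode() verifies the signature against the key set and rejects expired tokens.
        return (array) JWT::decode($jwt, JWK::parseKeySet(exampleLoadJwks()));
    } catch (ExpiredException $e) {
        error_log('AuthentiChip JWT expired (old scan)');
        throw $e;
    } catch (SignatureInvalidException $e) {
        // Tampered token or wrong signing key: record the source for monitoring.
        error_log('AuthentiChip JWT signature failure from ' . ($_SERVER['REMOTE_ADDR'] ?? 'cli'));
        throw $e;
    } catch (Throwable $e) {
        // Malformed token, unknown key ID, or JWKS problem: log the class only.
        error_log('AuthentiChip JWT rejected: ' . get_class($e));
        throw $e;
    }
}
```

The function returns the token's claims as an array and rethrows every failure, so the caller still decides the HTTP response while each rejection lands in the error log.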
To test your integration:
- Set up your AuthentiChip target URL pointing to your development server
- Register a test chip
- Scan and verify parameters are received correctly
- Test with an expired/invalid JWT to verify error handling
"Unable to parse key" error: The JWKS endpoint may be unreachable or the response format changed. Check your internet connection and the JWKS URL.
"Expired token" error: JWTs expire 5 minutes after issuance. This is normal for old scans.
"Signature verification failed" error: The JWT was tampered with or signed by a different key. This should be treated as an attack attempt.