Need help about auth of type jwt

I have a project and i want to add the auth of type jwt .I will give you a documentation about how to link my app to api login , please how to do this
The SSO Process working on JWT ( JSON Web Token ) for more information and supported libraries for all programming languages
please visit:
And choose a library support ( Verify, HS256, iss check, aud check, exp check, jti check )
PHP we recommend : lcobucci/jwt
.NET we recommend : System.IdentityModel.Tokens.Jwt
JAVA we recommend: org.bitbucket.b_c / jose4j
» What We Need to Register Your Application in Our SSO Platform?
Your Application must be https (SSL)
You Should Have a Sub-Domain Under for Your Application
Your Application Name ( Arabic & English )
Access Level ( Choose One ) [ Public – Students – Staffs – Instructors – ALL UQU Users ]
Your Login URL (URL for The Page or File That Will Process The SSO Login)
Your Logout URL (URL for The Page or File That Will Process The SSO Logout)
Your Email
» We Will Provide you the following :
SSO Link for Your Application
AppCode (JWT ID)
JWT HMAC (SHA256) Sign Key
JWT Issuer
JWT Audience
» [LOGIN] How To Handle the Login SSO Process :
The user will login to our platform then will click on your application SSO link
You will receive the JWT Token passed to your login link that you provided as a POST request ( POST Name: ‘UQU_SSO_{YOU
R_AppCode}’ )
This JWT Token is Signer By HMAC – SHA256
When you receive the JWT you SHOULD Validate the Token by ( Issuer, Audience, Id, expiration time ( the expiration time most
of libraries do it automatically ) ) by the JWT HMAC (SHA256) Key we provide for you
All User Data it’s under claim name (“userData”)
After you got the User Data you SHOULD Validate the user IP with the IP in userData claim
If everything is validated, Start Your Application Session Process as normal with the user data & with your ACL ( Access Level )
or Permissions
If there is any problem in the process or validation return an error ( in the next section )
Example of userData Claim
“userData”: {
“id”: “1436000”,
“firstName”: “”,
“lastName”: “”,
“emailID”: “ssbahamdain”,
“gender”: “M”,
“mainGroupID”: 7,
“defaultLang”: “ar”,
“lastLogin”: “2015-12-06 11:41:51”,
“deptMainID”: 200,
“batchCode”: “143”,
“statusID”: 1,
“ip”: “”,
“tokenTime”: 1449482760
» [ERRORS] How to Handle Any Errors or Failure in SSO process or Permissions Denied by your Application:
If there is any error in SSO process or the user not has a permission on your system you should redirect the user with the error
Redirect to:
{YOUR_FAIL_STATUS} = Replace it By ( error or fail )
{YOUR_APP_CODE} = Replace it By Your AppCode
{YOUR_ERROR_MSG_ENCODED_BASE64} = Replace it By Your Error Message (
UTF-8 and Encoded Base64 )
» [LOGOUT] How To Handle the Logout SSO Process:
To successfully accomplish the SSO sign out, you generally need to perform the following two tasks:
Destroy the user’s session
Return the supposed JSONP response
In your application UI the logout link should be “{YOUR_APP_CODE}
The SSO tool will hit your sign out page’s URL; however, the URL will contain an additional parameter UQU_{YOUR_APP_CODE}, while {YOUR
APP_CODE} represents your given app’s code.
Whenever the SSO tool hit your sign out page’s URL, you firstly need to destroy the user’s session, then return the supposed JSONP
response. The JSONP response must match the following form:
JSONP format
Basically, JSONP response is similar to the function execution form in the most programming languages, so the value of the URL parameter UQ
U_{YOUR_APP_CODE} will be placed in the function name, and JSON will be placed in the function argument. That JSON must contain two
required properties: status and code, while status holds your actual sign out status, and the code holds your given app’s code.
Finally, ensure that your response’s Content-Type is application/javascript.
echo $GET['UQU{YOUR_APP_CODE}’] . ‘(’ . json_encode([‘code’ =>
‘YOUR_APP_CODE’, ‘status’ => true]) . ‘)’;
out.printIn( request.getParameter(“UQU_AppCode”) + “(” + “{“code”:
“YOUR_APP_CODE”, “status”: true}” + “)” );
response.Write( request.Params[“UQU_AppCode”] + “(” + “{“code”:
“YOUR_APP_CODE”, “status”: true}” + “)” );