Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

raziel79's avatar

JWT invalid payload

Dear All,

I have JWT on fresh installation of Laravel 5.5. I need to use with web http request not with api so i save my token in a cookie but after login i receive error message "The Payload is invalid."

Here my AuthController


<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Validator;
use JWTAuth;

class AuthController extends Controller
{
    /**
     * Authenticate an user.
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function authenticate(Request $request)
    {
        $credentials = $request->only('email', 'password');
        
        $validator = Validator::make($credentials, [
            'email' => 'required|email',
            'password' => 'required'
        ]);
        
        if ($validator->fails()) {
            return response()
                ->json([
                    'code' => 1,
                    'message' => 'Validation failed.',
                    'errors' => $validator->errors()
                ], 422);
        }
        
        $token = JWTAuth::attempt($credentials);
        
        if ($token) {

            $cookie = cookie('token', $token, 60);

            return redirect('restricted')->cookie($cookie);
            
        } else {
            return response()->json(['code' => 2, 'message' => 'Invalid credentials.'], 401);
        }
    }
    
    /**
     * Get the user by token.
     *
     * @param  Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function getUser(Request $request)
    {
        JWTAuth::setToken($request->input('token'));
        $user = JWTAuth::toUser();
        return response()->json($user);
    }
}

the token is correctly generated but when redirect i receive this error:

Illuminate\Contracts\Encryption\DecryptException thrown with message "The payload is invalid."

Stacktrace:
#54 Illuminate\Contracts\Encryption\DecryptException in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:191
#53 Illuminate\Encryption\Encrypter:getJsonPayload in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:134
#52 Illuminate\Encryption\Encrypter:decrypt in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php:221
#51 Illuminate\Support\Facades\Facade:__callStatic in /home/vagrant/code/learn-auth/vendor/tymon/jwt-auth/src/Http/Parser/Cookies.php:44
#50 Tymon\JWTAuth\Http\Parser\Cookies:parse in /home/vagrant/code/learn-auth/vendor/tymon/jwt-auth/src/Http/Parser/Parser.php:91
#49 Tymon\JWTAuth\Http\Parser\Parser:parseToken in /home/vagrant/code/learn-auth/vendor/tymon/jwt-auth/src/Http/Parser/Parser.php:104
#48 Tymon\JWTAuth\Http\Parser\Parser:hasToken in /home/vagrant/code/learn-auth/vendor/tymon/jwt-auth/src/Http/Middleware/BaseMiddleware.php:51
#47 Tymon\JWTAuth\Http\Middleware\BaseMiddleware:checkForToken in /home/vagrant/code/learn-auth/vendor/tymon/jwt-auth/src/Http/Middleware/BaseMiddleware.php:67
#46 Tymon\JWTAuth\Http\Middleware\BaseMiddleware:authenticate in /home/vagrant/code/learn-auth/vendor/tymon/jwt-auth/src/Http/Middleware/Authenticate.php:30
#45 Tymon\JWTAuth\Http\Middleware\Authenticate:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#44 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#43 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php:41
#42 Illuminate\Routing\Middleware\SubstituteBindings:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#41 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#40 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:67
#39 Illuminate\Foundation\Http\Middleware\VerifyCsrfToken:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#38 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#37 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php:49
#36 Illuminate\View\Middleware\ShareErrorsFromSession:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#35 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#34 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:63
#33 Illuminate\Session\Middleware\StartSession:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#32 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#31 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php:37
#30 Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#29 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#28 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php:59
#27 Illuminate\Cookie\Middleware\EncryptCookies:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#26 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#25 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:102
#24 Illuminate\Pipeline\Pipeline:then in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Router.php:660
#23 Illuminate\Routing\Router:runRouteWithinStack in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Router.php:635
#22 Illuminate\Routing\Router:runRoute in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Router.php:601
#21 Illuminate\Routing\Router:dispatchToRoute in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Router.php:590
#20 Illuminate\Routing\Router:dispatch in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:176
#19 Illuminate\Foundation\Http\Kernel:Illuminate\Foundation\Http\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:30
#18 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/fideloper/proxy/src/TrustProxies.php:56
#17 Fideloper\Proxy\TrustProxies:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#16 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#15 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:30
#14 Illuminate\Foundation\Http\Middleware\TransformsRequest:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#13 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#12 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:30
#11 Illuminate\Foundation\Http\Middleware\TransformsRequest:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#10 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#9 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php:27
#8 Illuminate\Foundation\Http\Middleware\ValidatePostSize:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#7 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#6 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php:46
#5 Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode:handle in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:149
#4 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#3 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:102
#2 Illuminate\Pipeline\Pipeline:then in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:151
#1 Illuminate\Foundation\Http\Kernel:sendRequestThroughRouter in /home/vagrant/code/learn-auth/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:116
#0 Illuminate\Foundation\Http\Kernel:handle in /home/vagrant/code/learn-auth/public/index.php:55

any ideas?

PS. i have also try to insert in EncryptCookies middleware in except property, token name but same error.

0 likes
1 reply
raziel79's avatar

Update: if i disable decrypt_cookie in config/jwt.php and add in EcnryptCookies middleware

 protected $except = [
    'token'
    ];

it work's, anyone can me explain why?

Please or to participate in this conversation.