Create RESTful API with Code Igniter #6 : Decode token and Handle response token invalid by duski.harahap

#### Repository
https://github.com/bcit-ci/CodeIgniter

#### What Will I Learn?
- Decode token
- Handle response token invalid

#### Requirements
- Basic PHP
- CodeIgniter > 3.1 installed
- Local server (XAMPP, WAMP, etc.)
- Mysqli


#### Resources
- CodeIgniter - https://www.codeigniter.com/
- JSON Web tokens - https://jwt.io/

#### Difficulty
Basic

### Tutorial Content

In the previous tutorials we built the API endpoints used so far; you can find them in the curriculum section of this tutorial. In the [previous tutorial](https://steemit.com/utopian-io/@duski.harahap/create-restful-api-with-code-igniter-5-get-user-data-encode-data-and-generate-token-1540704402037) we encoded the user data into a token that serves as the access key for an endpoint. **The token** is generated from the *user data* and the *secret key* that we created. In this tutorial we will *decode* the generated token so that we can see what data it contains.

#### Create new endpoint to check token

So far in this series we have built several API endpoints; now we will add one more. This endpoint checks the data contained in the token sent by the user. The following is the latest list of endpoints in **routes.php**:

**config/routes.php**

```
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

//Routes
$route['api/users']['GET'] 			= "UsersController/all_users";
$route['api/users/(:num)']['GET']	= "UsersController/detail_user/$1";
$route['api/register']['POST'] 		= "UsersController/register";
$route['api/user/(:num)']['PUT'] 	= "UsersController/update/$1";
$route['api/user/(:num)']['DELETE'] = "UsersController/delete/$1";
$route['api/login']['POST']		    = "UsersController/login";

//Endpoint to check token
$route['api/check-token']['GET'] 	= "UsersController/check_token";

$route['default_controller'] = 'welcome';
$route['404_override'] = '';
$route['translate_uri_dashes'] = FALSE;
```

- **New endpoint:** ```$route['api/check-token']['GET'] 	= "UsersController/check_token";```
The new endpoint URL is ```api/check-token``` with the **GET** method, and the controller function is ```check_token()```.

#### Create function for ```check_token()```

We defined the function ```check_token()``` in the routing above; now we will write it in **UsersController.php**. To ***decode*** the token, the client sends it in a request **header**. The function looks like this:

**UsersController.php**

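```
public function check_token() {
	// Read the token from the Authorization request header
	$jwt = $this->input->get_request_header('Authorization');

	try {
		// Decode the token, accepting only the HS256 algorithm
		$decode = JWT::decode($jwt, $this->secret, array('HS256'));
		var_dump($decode); // debug only: show the decoded data
	} catch (SignatureInvalidException $e) {
		// Class name resolved through "use \Firebase\JWT\SignatureInvalidException;"
		var_dump($e->getMessage()); // debug only: show why the check failed
	}
}
```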

- **Set Authorization in header :** To decode the token, the client passes it in a **header** when making a request to the **API**. We use the **Authorization header** for this. In **POSTMAN** it looks like the following picture:

![Screenshot_10.png](https://ipfs.busy.org/ipfs/QmbQzz6sCH55ieZyPKEsk3EuZR53Y79Y2WwLzhUW5XLvW2)


- **Get the header value :** After the header is set on the request, we read its value with ```$this->input->get_request_header('Authorization');```, that is, the function ```get_request_header()``` with the header key **'Authorization'**.

- **Decode token :** *Decoding* is the opposite of *encoding*. We again use the class from the **JWT Library** that we imported with ```use  \Firebase\JWT\JWT;```. To decode the token we can write:

```$decode = JWT::decode($jwt, $this->secret, array('HS256'));```

To decode the token, we use the function ```JWT::decode()```. This function needs **3 mandatory parameters**:

**1. ```$jwt```** is the token that we get from the request header: ```$jwt = $this->input->get_request_header('Authorization');```

**2. ```$this->secret```** is the secret key that we used when encoding the data: ```private $secret = "This is a secret key";```.

**3. ```array('HS256')```** is the list of signing algorithms that are accepted; it must contain the algorithm used when encoding the data. In this tutorial we use **HS256** (HMAC with SHA-256).


#### Handling error exception with SignatureInvalidException

- **Use *try catch***

Because decoding the token *can fail*, we wrap it in *try catch* so that we can handle the error. We can handle more specific errors by using the exception classes of the **JWT library** that we *imported* in the previous [tutorial.](https://steemit.com/utopian-io/@duski.harahap/create-restful-api-with-code-igniter-4-jwt-json-web-token-concept-login-function-and-decode-password-1540395859111) We can import the class like this:

**Imported:** ```use \Firebase\JWT\SignatureInvalidException;```

![Screenshot_11.png](https://ipfs.busy.org/ipfs/QmTrDyQ8L9QPtdAk8QYoQHrPrPEz4DbuGE9yuwonCuEza2)
<br>
- **Response the error**

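Now we will catch the error and send a response when the user gives a wrong token. We can build the response like this:
```
try {
	// Decode the token taken from the Authorization header
	$decode = JWT::decode($jwt, $this->secret, array('HS256'));
	var_dump($decode); // show the decoded data
} catch (\Exception $e) {
	// \Exception also covers SignatureInvalidException and the other decode errors
	return $this->response([
		'success'	=> false,
		'message'	=> 'invalid token'
	]);
}
```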

The ```response()``` function looks like this:
```
public function response($data) {
	// Sends $data as JSON and stops the request.
	// Note: the status is always 200, also for the 'invalid token' response.
	$this->output
		 ->set_content_type('application/json')
		 ->set_status_header(200)
		 ->set_output(json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES))
		 ->_display();
	exit;
}
```
- We can return ```$this->response()``` when the token is invalid. If we send a wrong token, we will see a response like this:

![ezgif.com-video-to-gif (2).gif](https://ipfs.busy.org/ipfs/QmSoJRN7ECy9SAn6AroiAoxfCU6FNNZF3NoUvqrxmTsU67)
<br>
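
The checks an HS256 verifier performs on the header value, together with the error response from this section, written out with PHP built-ins as an added example; it is not code from this tutorial or from the firebase/php-jwt library. The function names, the 401 status and the sample e-mail address are assumptions made for illustration.

```php
<?php
// Added example: the checks behind HS256 verification, using only PHP built-ins.
// Not firebase/php-jwt code; every function name here is hypothetical.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $pad = (4 - strlen($txt) % 4) % 4;   // restore the stripped '=' padding
    return (string) base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad), true);
}

// Builds sample tokens for the demo below only.
function make_token(array $claims, string $secret, string $alg = 'HS256'): string {
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => $alg]));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Returns [HTTP status, JSON body for the client, reason for the server log].
function check_token_header(?string $header, string $secret, int $now): array {
    $deny = function (string $why): array {
        return [401, ['success' => false, 'message' => 'invalid token'], $why];
    };
    // Accept the bare token (as in the tutorial) or the usual "Bearer <token>" form.
    $jwt   = preg_replace('/^Bearer\s+/i', '', trim((string) $header));
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return $deny('malformed');
    [$head, $body, $sig] = $parts;
    $h = json_decode(b64url_decode($head), true);
    // The server fixes the algorithm; the token header must match it.
    if (!is_array($h) || ($h['alg'] ?? null) !== 'HS256') return $deny('algorithm not allowed');
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) return $deny('bad signature');
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims)) return $deny('malformed');
    if (isset($claims['exp']) && $now >= (int) $claims['exp']) return $deny('expired');
    return [200, ['success' => true, 'data' => $claims], 'ok'];
}

// Constructed sample data; the secret and timestamps mirror the tutorial's values.
$secret = 'This is a secret key';
$claims = ['id' => '9', 'email' => 'user@example.com', 'iat' => 1540902252, 'exp' => 1540909452];
$good   = make_token($claims, $secret);
[$h, , $s] = explode('.', $good);
$edited = "$h." . b64url_encode(json_encode(['id' => '1'] + $claims)) . ".$s";
$t      = 1540902300;   // a moment between iat and exp
$cases  = [
    'valid'             => [$good, $t],
    'bearer prefix'     => ["Bearer $good", $t],
    'edited payload'    => [$edited, $t],
    'other secret'      => [make_token($claims, 'another key'), $t],
    'header says HS384' => [make_token($claims, $secret, 'HS384'), $t],
    'after exp'         => [$good, 1540909452],
];
foreach ($cases as $name => [$hdr, $at]) {
    [$status, , $why] = check_token_header($hdr, $secret, $at);
    printf("%-18s %d %s\n", $name, $status, $why);
}
```

Answering rejected tokens with 401 instead of a fixed 200 lets clients and monitoring tell them apart from successful calls. The detailed reason stays in the server log, while the client only receives the generic `invalid token` message.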

#### Result decode token


- **The result of decoding token:** After the steps above are done, we will test whether decoding the token works. We can check it via POSTMAN as shown below:

![ezgif.com-video-to-gif (1).gif](https://ipfs.busy.org/ipfs/QmU8RLSVFoqDDNFUL1bD9AKCXYUULhmxJLCP8kJPxbotGw)

**The first step:** we have to log in first to get a token, using the login endpoint ```$route['api/login']['POST']```. We encoded the token in the previous [tutorial](https://steemit.com/utopian-io/@duski.harahap/create-restful-api-with-code-igniter-5-get-user-data-encode-data-and-generate-token-1540704402037).

**The second step:** now that we have the token, we can decode it with the endpoint ```$route['api/check-token']['GET']``` by putting the token in the **Authorization** header. If successful, you can see the decoded data like this:

```
object(stdClass)#18 (4) {
  ["id"]=>
  string(1) "9"
  ["email"]=>
  string(20) "millea1234@gmail.com"
  ["iat"]=>
  int(1540902252)
  ["exp"]=>
  int(1540909452)
}
```
The data above is what we encoded into the token when the user logged in.

The token that we received at login has been decoded successfully, and we can see the data it contains. Now that encoding and decoding are complete, we can use tokens for access to each endpoint in our RESTful API. I hope this tutorial can help you, thank you.


#### Curriculum

[Create RESTful API with Code Igniter #1 : Basic installation, Setup configuration and Database, Create Routes API](https://steemit.com/utopian-io/@duski.harahap/create-restful-api-with-code-igneter-1-basic-installation-setup-configuration-and-database-create-routes-api-1539354852182)

[Create RESTful API with Code Igniter #2 : Create API register, Models and Controllers, JSON Response](https://steemit.com/utopian-io/@duski.harahap/create-restful-api-with-code-igneter-2-create-api-register-models-and-controllers-json-response-1539531957770)

[Create RESTful API with Code Igniter #3 : Create Endpoint for Users and User detail, Dynamic functions](https://steemit.com/utopian-io/@duski.harahap/create-restful-api-with-code-igneter-3-create-endpoint-for-user-dan-user-detail-dynamic-functions-1539784449409)

[Create RESTful API with Code Igniter #4 : JWT(JSON Web Token) Concept, Login function and Decode password](https://steemit.com/utopian-io/@duski.harahap/create-restful-api-with-code-igniter-4-jwt-json-web-token-concept-login-function-and-decode-password-1540395859111)

[Create RESTful API with Code Igniter #5 : Get user data, Encode data, and Generate token](https://steemit.com/utopian-io/@duski.harahap/create-restful-api-with-code-igniter-5-get-user-data-encode-data-and-generate-token-1540704402037)

#### Proof of work done
https://github.com/milleaduski/RESTful-CI
Created: 2018-10-30 13:12:09 · Last update: 2018-10-30 13:15:45
@mcfarhat ·
Thank you for your contribution. Below is our review:
- Interesting series, although checking online, similar topics can be found with ease.
- You are decrypting using HS256. Your prior tutorial did not reflect encoding using this algo. How would that work?
- What was the driver behind using this particular algo and not something else? any added value?
- Why use a very generic exception if you know what type of exceptions to expect?
- There was a multitude of repetitions in your content description. I would advise you review your content before the final submission.
- Aside from that, nice work on the illustrations and the tutorial flow!

Your contribution has been evaluated according to [Utopian policies and guidelines](https://join.utopian.io/guidelines), as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, [click here](https://review.utopian.io/result/8/31210323).

---- 
Need help? Write a ticket on https://support.utopian.io/. 
Chat with us on [Discord](https://discord.gg/uTyJkNm). 
[[utopian-moderator]](https://join.utopian.io/)
@duski.harahap ·
Thank you @macfarhat, you are right. Your advice is very subjective and constructive, you are very detailed. Your assessment will be my consideration in the next tutorial.