From 2c767e7f06ea6af602aac22fabe74971a4a3f980 Mon Sep 17 00:00:00 2001 From: Dominique Fournier Date: Thu, 5 Dec 2019 13:15:48 +0000 Subject: [PATCH] jwt : add a warning on the content of the token, if confidential data must be stored in it git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5795 bf3deb0d-5f1a-0410-827f-c0cc1f45334c --- jwt.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/jwt.php b/jwt.php index cd0cafc..7779977 100644 --- a/jwt.php +++ b/jwt.php @@ -6,6 +6,9 @@ /** Allow to manage the JSON Web Tokens * Based on https://tools.ietf.org/html/rfc7519 + * + * Do not put confidential data in payload without encrypt it, as the result + * is only a Base64 format of JSON... */ class jwt { @@ -20,7 +23,10 @@ class jwt ); // }}} - /** Create the token based on payload, key + /** Create the token based on payload, sign it with key, and optionally + * encrypt it with ckey + * Do not put confidential data in payload without encrypt it, as the result + * is only a Base64 format of JSON... * @param array $payload The payload to store * @param string $key The key to be used to sign the token * @param string|null $alg The algorithm to use to sign the token (default
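Review bot: The warning added to the class docblock does not give the reason a reader needs: "without encrypt it" and "only a Base64 format of JSON" never say that the signature protects integrity only, so anyone holding the token can decode and read the payload. I would word the two lines as `* The payload is only Base64-encoded JSON: signing protects its integrity, not its confidentiality.` and `* Do not store confidential data in it unless the token is also encrypted.` The same two sentences are repeated in the method docblock of the second hunk and should get the same wording.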
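Review bot: The new method summary introduces `ckey`, but the `@param` lines visible in this hunk cover only `$payload`, `$key` and `$alg`, and nothing here says which cipher is applied or whether the ciphertext is itself authenticated. The docblock continues outside the hunk, so an entry for the encryption key may already exist further down. If it does not, add one that states what happens when no key is given, along the lines of `* @param string|null $ckey The key used to encrypt the payload; when omitted the payload is only encoded` (parameter name and type to be matched to the actual signature). It would also help to say whether the encrypted form follows RFC 7516 (JWE) or is specific to this class, since that decides whether other JWT libraries can read such tokens.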