John Davidson

php - JWT token generation fails, MUX API responds with error


I'm trying to run the PHP example code documented here on the MUX website. I have just generated a brand new API key + secret and have stored them in a mux-credentials.php file:

define('MUX_TOKEN_ID', 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx');
define('MUX_TOKEN_SECRET', '<base64-encoded-string-here>');

I used composer to install Firebase\JWT as instructed here and then ran the exact code specified in the MUX documentation:

// load libs
require_once 'vendor/autoload.php';

// load MUX credentials
require_once 'mux-credentials.php';

use \Firebase\JWT\JWT;

$myId = "<MY-ASSET-ID-HERE>"; // Enter the id for which you would like to get counts here
$myIdType = "asset_id"; // Enter the type of ID provided in my_id; one of video_id | asset_id | playback_id | live_stream_id
$keyId = MUX_TOKEN_ID; // Enter your signing key id here
$keySecret = MUX_TOKEN_SECRET; // Enter your base64 encoded private key here

$payload = array(
"sub" => $myId,
"aud" => $myIdType,
"exp" => time() + 600, // Expiry time in epoch - in this case now + 10 mins
"kid" => $keyId

$jwt = JWT::encode($payload, base64_decode($keySecret), 'RS256');

print "$jwt\n";

This code barfs with a fatal error:

PHP Warning:  openssl_sign(): supplied key param cannot be coerced into a private key in /home/example/vendor/firebase/php-jwt/src/JWT.php on line 225
PHP Fatal error: Uncaught DomainException: OpenSSL unable to sign data in /home/example/vendor/firebase/php-jwt/src/JWT.php:227
Stack trace:
#0 /home/example/vendor/firebase/php-jwt/src/JWT.php(195): Firebase\JWT\JWT::sign()
#1 /home/example/people-watching.php(30): Firebase\JWT\JWT::encode()
#2 {main}
thrown in /home/example/vendor/firebase/php-jwt/src/JWT.php on line 227

If I remove the last param in the JWT::encode call like so:

$jwt = JWT::encode($payload, base64_decode($keySecret));

Then the code successfully runs, and generates a long base64-encoded string. That JWT string, however, results in an error when I attempt to use it to contact the API:

curl '<JWT-HERE>'

The MUX api responds with:

{"error":{"type":"internal error","messages":["Could not get signing key."]}}

Can anyone help me fix this code so that I can contact the MUX API and retrieve the requested information about my asset id?

EDIT: I am grateful for the answers below pointing out that one should use a signing key rather than one's API credentials but, putting aside my confusion about why we need such a thing as a signing key, the curl request to create a signing key doesn't work either. This curl request (i've redacted my MUX_TOKEN_ID and MUX_TOKEN_SECRET):

curl -X POST \
-H "Content-Type: application/json" \

fails, returning this error:

{"error":{"type":"not_found","messages":["The requested resource either doesn't exist or you don't have access to it."]}}

My Answer:

Rate this post

3 of 5 based on 9714 votes


© 2024 - Personal Blogs Platform. All Rights Reserved.
Create blog  |  Privacy Policy  |  Terms & Conditions  |  Contact Us