miladrahimi / php-jwt

Licence: MIT license
A PHP implementation of JWT (JSON Web Token) generator, parser, verifier, and validator


PHP-JWT

PHP-JWT is a package written in the PHP programming language to encode (generate), decode (parse), verify, and validate JWTs (JSON Web Tokens). It provides a fluent, easy-to-use, object-oriented interface.

Confirmed by JWT.io.

Documentation

Versions

  • 2.x.x (LTS)
  • 1.x.x (Unsupported)

What is JWT?

If you are unfamiliar with JWT, you can read about it on Wikipedia or JWT.io.

Installation

Add the package to your Composer dependencies with the following command:

composer require miladrahimi/php-jwt "2.*"

Simple example

The following example shows how to generate a JWT and parse it using the HS256 algorithm.

use MiladRahimi\Jwt\Generator;
use MiladRahimi\Jwt\Parser;
use MiladRahimi\Jwt\Cryptography\Algorithms\Hmac\HS256;

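// Use HS256 to generate and parse tokens.
// The key below is a demo value; in production, load a randomly generated secret from configuration.
$signer = new HS256('12345678901234567890123456789012');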

// Generate a token
$generator = new Generator($signer);
$jwt = $generator->generate(['id' => 666, 'is-admin' => true]);

// Parse the token
$parser = new Parser($signer);
$claims = $parser->parse($jwt);

print_r($claims); // ['id' => 666, 'is-admin' => true]

HMAC Algorithms

HMAC algorithms use symmetric keys: a single key both signs and verifies JWTs, so every party that can verify a token can also create one. This package supports the HS256, HS384, and HS512 HMAC algorithms. The simple example above demonstrates how to use an HMAC algorithm (HS256) to sign and verify a JWT.

RSA Algorithms

RSA algorithms are asymmetric. A key pair is needed to sign and verify tokens: a private key signs the JWT, and the related public key verifies it. These algorithms can be useful when the authentication server cannot trust resource owners. Take a look at the following example:

use MiladRahimi\Jwt\Cryptography\Algorithms\Rsa\RS256Signer;
use MiladRahimi\Jwt\Cryptography\Algorithms\Rsa\RS256Verifier;
use MiladRahimi\Jwt\Cryptography\Keys\RsaPrivateKey;
use MiladRahimi\Jwt\Cryptography\Keys\RsaPublicKey;
use MiladRahimi\Jwt\Generator;
use MiladRahimi\Jwt\Parser;

// Generate a token
$privateKey = new RsaPrivateKey('/path/to/private.pem');
$signer = new RS256Signer($privateKey);
$generator = new Generator($signer);
$jwt = $generator->generate(['id' => 666, 'is-admin' => true]);

// Parse the token
$publicKey = new RsaPublicKey('/path/to/public.pem');
$verifier = new RS256Verifier($publicKey);
$parser = new Parser($verifier);
$claims = $parser->parse($jwt);

print_r($claims); // ['id' => 666, 'is-admin' => true]

You can read this instruction to learn how to generate an RSA key pair (public/private).

Validation

By default, the package verifies the JWT signature, validates some of the public claims if they exist (using DefaultValidator), and parses the claims. If you have custom claims, you can add validation rules for them as well. See this example:

use MiladRahimi\Jwt\Parser;
use MiladRahimi\Jwt\Cryptography\Algorithms\Hmac\HS256;
use MiladRahimi\Jwt\Exceptions\ValidationException;
use MiladRahimi\Jwt\Validator\DefaultValidator;
use MiladRahimi\Jwt\Validator\Rules\EqualsTo;

$jwt = '...'; // Get the JWT from the user

$signer = new HS256('12345678901234567890123456789012');

// Add Validation (Extend the DefaultValidator)
$validator = new DefaultValidator();
$validator->addRule('is-admin', new EqualsTo(true));

// Parse the token
$parser = new Parser($signer, $validator);

try {
    $claims = $parser->parse($jwt);
    print_r($claims); // ['id' => 666, 'is-admin' => true]
} catch (ValidationException $e) {
    // Handle error.
}

In the example above, we extended DefaultValidator. This validator has some built-in Rules for public claims, and we recommend extending it for your own validation. The DefaultValidator is a subclass of the BaseValidator. You can also use the BaseValidator directly, but you will lose the built-in Rules and have to add all the Rules yourself.

Rules

Validators use the Rules to validate the claims. Each Rule determines eligible values for a claim. These are the built-in Rules you can find under the namespace MiladRahimi\Jwt\Validator\Rules:

You can see their description in their class doc-blocks.

Required and Optional Rules

You can add a rule to a validator as required or optional. If the Rule is required, validation will fail when the related claim is not present in the JWT claims.

This example demonstrates how to add rules as required and optional:

use MiladRahimi\Jwt\Validator\DefaultValidator;
use MiladRahimi\Jwt\Validator\Rules\NewerThan;

$validator = new DefaultValidator();

// Add a rule as required
$validator->addRule('exp', new NewerThan(time()));

// Add a rule as required again!
$validator->addRule('exp', new NewerThan(time()), true);

// Add a rule as optional
$validator->addRule('exp', new NewerThan(time()), false);

Custom Rules

You can create your own Rules if the built-in ones cannot meet your needs. To create a Rule, you must implement the Rule interface, as in the following example, which shows an Even Rule that checks whether the given claim is an even number:

use MiladRahimi\Jwt\Exceptions\ValidationException;
use MiladRahimi\Jwt\Validator\Rule;

class Even implements Rule
{
    public function validate(string $name, $value)
    {
        // Reject non-integer claims first so they fail validation
        // instead of raising a type error in the modulo below.
        if (!is_int($value) || $value % 2 != 0) {
            throw new ValidationException("The `$name` must be an even number.");
        }
    }
}

Error Handling

Here are the exceptions that the package throws:

  • InvalidKeyException:
    • By Generator and Parser methods.
    • When the provided key is not valid.
  • InvalidSignatureException:
    • By Parser::parse(), Parser::verify(), and Parser::validate() methods.
    • When the JWT signature is not valid.
  • InvalidTokenException:
    • By Parser::parse(), Parser::verify(), and Parser::validate() methods.
    • When the JWT format is not valid (for example it has no payload).
  • JsonDecodingException:
    • By Parser::parse() and Parser::validate() methods.
    • When the JSON extracted from JWT is not valid.
  • JsonEncodingException:
    • By Generator::generate() method.
    • When the provided claims cannot be converted to JSON.
  • SigningException:
    • By Generator::generate() method.
    • When the token cannot be signed using the provided signer or key.
  • ValidationException:
    • By Parser::parse() and Parser::validate() methods.
    • When one of the validation rules fails.
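
The exceptions listed above, handled in one place so that every rejected token fails closed (an added example, not code from the php-jwt project). It assumes the 2.x package is installed through Composer and that the other exception classes live in the same MiladRahimi\Jwt\Exceptions namespace as ValidationException; claimsOrNull() and the sample tokens are constructed for illustration.

```php
<?php
require __DIR__ . '/vendor/autoload.php'; // Composer autoloader

use MiladRahimi\Jwt\Cryptography\Algorithms\Hmac\HS256;
use MiladRahimi\Jwt\Exceptions\InvalidSignatureException;
use MiladRahimi\Jwt\Exceptions\InvalidTokenException;
use MiladRahimi\Jwt\Exceptions\JsonDecodingException;
use MiladRahimi\Jwt\Exceptions\ValidationException;
use MiladRahimi\Jwt\Generator;
use MiladRahimi\Jwt\Parser;
use MiladRahimi\Jwt\Validator\DefaultValidator;
use MiladRahimi\Jwt\Validator\Rules\NewerThan;

// Hypothetical helper: returns the claims, or null after logging why the token was refused.
function claimsOrNull(Parser $parser, string $jwt): ?array
{
    try {
        return $parser->parse($jwt);
    } catch (InvalidSignatureException $e) {
        $reason = 'bad-signature';   // token was not signed with our key, or was modified
    } catch (InvalidTokenException | JsonDecodingException $e) {
        $reason = 'malformed';       // wrong structure or undecodable JSON
    } catch (ValidationException $e) {
        $reason = 'claims-rejected'; // a rule failed or a required claim is absent
    }
    error_log("jwt rejected: $reason"); // log the category only, never the token itself
    return null;                        // callers see one generic failure
}

$signer = new HS256(random_bytes(32)); // constructed key, valid for this run only
$validator = new DefaultValidator();
$validator->addRule('exp', new NewerThan(time()), true); // "exp" is required
$generator = new Generator($signer);
$parser = new Parser($signer, $validator);

// Constructed sample inputs: one good token and three that must be refused.
$good = $generator->generate(['id' => 666, 'is-admin' => false, 'exp' => time() + 300]);
[$h, , $s] = explode('.', $good);
$edited = rtrim(strtr(base64_encode(json_encode(['id' => 666, 'is-admin' => true, 'exp' => time() + 300])), '+/', '-_'), '=');
$samples = [
    'valid token' => $good,
    'payload edited after signing' => "$h.$edited.$s",
    'signed but no exp claim' => $generator->generate(['id' => 666]),
    'not a JWT at all' => 'abc',
];
foreach ($samples as $label => $jwt) {
    printf("%-30s %s\n", $label, claimsOrNull($parser, $jwt) === null ? 'rejected' : 'accepted');
}
```

InvalidKeyException is deliberately left uncaught here: it signals a misconfigured key rather than a bad token, so it should surface as an application error.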

License

PHP-JWT was initially created by Milad Rahimi and released under the MIT License.
