lindelius / php-jwt

Licence: Apache-2.0 license
Convenience library for working with JSON Web Tokens (JWT) in PHP

Projects that are alternatives of or similar to php-jwt

conference
A WebRTC signaling server with support of MQTT and WebSocket as transport protocols, token based authentication (JSON Web Token) and external policy based authorization.
Stars: ✭ 27 (-20.59%)
Mutual labels:  json-web-token
Universal React Apollo Registration
Open Source Universal User Registration System – NodeJS React Apollo GraphQL JWT MongoDB
Stars: ✭ 495 (+1355.88%)
Mutual labels:  json-web-token
Php Jwt
Ultra lightweight, dependency free and standalone JSON web token (JWT) library for PHP5.6 to PHP8.0. This library makes JWT a cheese.
Stars: ✭ 214 (+529.41%)
Mutual labels:  json-web-token
JwtAuthDemo
ASP.NET Core + Angular JWT auth demo; integration tests; login, logout, refresh token, impersonation, authentication, authorization; run on Docker Compose.
Stars: ✭ 278 (+717.65%)
Mutual labels:  json-web-token
Jwt Cli
A super fast CLI tool to decode and encode JWTs built in Rust
Stars: ✭ 336 (+888.24%)
Mutual labels:  json-web-token
Yii2 Jwt
JWT implementation for Yii2 Authorization process
Stars: ✭ 61 (+79.41%)
Mutual labels:  json-web-token
rails-api-template
A Rails 5 JSON API template
Stars: ✭ 27 (-20.59%)
Mutual labels:  json-web-token
Laravel Jwt
Dead simple, plug and play JWT API Authentication for Laravel (5.4+)
Stars: ✭ 225 (+561.76%)
Mutual labels:  json-web-token
Cerberus
A demonstration of a completely stateless and RESTful token-based authorization system using JSON Web Tokens (JWT) and Spring Security.
Stars: ✭ 482 (+1317.65%)
Mutual labels:  json-web-token
Security.identity
.NET DevPack Identity is a set of common implementations to help you implement Identity, JWT, claims validation and other facilities
Stars: ✭ 165 (+385.29%)
Mutual labels:  json-web-token
jwt auth example
Example of how to use JWT for user authorization and API route protection. Made with Express, Node.js, and JWT.
Stars: ✭ 23 (-32.35%)
Mutual labels:  json-web-token
Jwt Cpp
A header only library for creating and validating json web tokens in c++
Stars: ✭ 269 (+691.18%)
Mutual labels:  json-web-token
Webfluxtemplate
Spring Webflux template application with working Spring Security, Web-sockets, Rest, Web MVC, and Authentication with JWT.
Stars: ✭ 107 (+214.71%)
Mutual labels:  json-web-token
jwt
A fast and simple JWT implementation for Go
Stars: ✭ 144 (+323.53%)
Mutual labels:  json-web-token
Reallysimplejwt
A really simple library to generate JSON Web Tokens in PHP.
Stars: ✭ 218 (+541.18%)
Mutual labels:  json-web-token
Natours
An awesome tour booking web app written in NodeJS, Express, MongoDB 🗽
Stars: ✭ 94 (+176.47%)
Mutual labels:  json-web-token
Jwt
Kotlin JWT 🔑 implementation (Json Web Token) as required by APNs 🔔 (Apple Push Notifications) or Sign in with Apple 🍏
Stars: ✭ 31 (-8.82%)
Mutual labels:  json-web-token
Jwt
JSON Web Token library
Stars: ✭ 242 (+611.76%)
Mutual labels:  json-web-token
Aspnetcore2jwtauthentication
Jwt Authentication without ASP.NET Core Identity
Stars: ✭ 218 (+541.18%)
Mutual labels:  json-web-token
Go Jose
An implementation of JOSE standards (JWE, JWS, JWT) in Go
Stars: ✭ 1,849 (+5338.24%)
Mutual labels:  json-web-token

php-jwt

A convenience library for working with JSON Web Tokens (JWT) in PHP.

This library conforms to RFC 7519, with the exception of not allowing unsigned JWTs (the "none" algorithm), and has built-in support for the following claims:

Requirements

  • PHP 7.2, or higher
  • OpenSSL PHP extension (for certain algorithms)

Installation

If you are using Composer, you may install the latest version of this library by running the following command from your project's root folder:

composer require lindelius/php-jwt

You may also manually download the library by navigating to the "Releases" page and then expanding the "Assets" section of the latest release.

Usage

Step 1. Extend the abstract JWT model and pick an algorithm.

use Lindelius\JWT\Algorithm\HMAC\HS256;
use Lindelius\JWT\JWT;

class MyJWT extends JWT
{
    use HS256;
}

Step 2. Start creating your JWTs :)

$jwt = MyJWT::create('HS256');

// Include whatever data is required by your use case
$jwt->field = 'value';
$jwt->other = ['nested_field' => 'value'];

// Let the JWT expire after 20 minutes (optional, but recommended)
$jwt->exp = time() + (60 * 20);

// Encode the JWT using a key suitable for the chosen algorithm
$encodedJwtHash = $jwt->encode('YOUR_HMAC_KEY');

Step 3. Decode and verify the JWTs that are sent back.

$decodedJwt = MyJWT::decode($encodedJwtHash);

// The data is available immediately after decode
$field = $decodedJwt->field;
$other = $decodedJwt->other;

// HOWEVER, do NOT forget to verify the data before trusting it
$decodedJwt->verify('THE_SAME_HMAC_KEY');

If you are making use of any of the claims with built-in support (aud or iss), you may verify them by passing the expected values to the verify() method (as seen below).

$decodedJwt->verify('THE_SAME_HMAC_KEY', [

    // Single valid audience
    'aud' => 'https://my-application.tld',

    // Multiple valid issuers
    'iss' => ['Expected Issuer', 'Alternate Issuer'],

]); 

Algorithm Choices

The following algorithms are currently included with the library:

  • HS256
  • HS384
  • HS512
  • RS256 (requires the OpenSSL extension)
  • RS384 (requires the OpenSSL extension)
  • RS512 (requires the OpenSSL extension)

You may use any of the built-in algorithms by simply including the relevant trait(s) in your JWT model.

use Lindelius\JWT\Algorithm\RSA\RS256;
use Lindelius\JWT\JWT;

class MyJWT extends JWT
{
    use RS256;
}

$jwt = MyJWT::create('RS256');

If you would like to use an algorithm that is not yet included with the library, you can add support for it by implementing the required encodeWithX() and verifyWithX() methods (in the same fashion as the currently included traits).

Leeway Time

If your application servers suffer from clock skew, you can make use of the JWT::$leeway property to give them a couple of extra seconds when verifying certain claims (exp, iat, and nbf).

It's highly recommended to keep the leeway time as low as possible.

use Lindelius\JWT\JWT;

class MyJWT extends JWT
{
    public static $leeway = 60;
}

Multiple Encryption Keys

If your application makes use of multiple encryption keys you will, in one way or another, have to keep track of which key was used for which JWT. One way to do this is to use the kid header field to include the "key ID" with the JWT.

$availableKeys = [
    'key_1' => 'J5hZTw1vtee0PGaoAuaW',
    'key_2' => '8zUpiGcaPkNhNGi8oyrq',
    'key_3' => 'RfxRP43BIKoSQ7P1GfeO',
];

// Decide which key to use for the JWT
$keyId = 'key_2';

// Include the key ID ("kid") in the JWT's header
$jwt = MyJWT::create('HS256');
$jwt->setHeaderField('kid', $keyId);

$encodedJwt = $jwt->encode($availableKeys[$keyId]);

If you use this approach, all you have to do when verifying the JWT is to provide the JWT::verify() method with $availableKeys and it will automatically look up and use the correct key.

$decodedJwt = MyJWT::decode($encodedJwt);
$decodedJwt->verify($availableKeys);
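
The checks that the Leeway Time and key ID sections above depend on, written out in plain PHP as an added example; this is not lindelius/php-jwt code and does not describe how the library implements them. The function names, secrets and clock values are constructed for illustration, and the example goes beyond the README by making algorithm pinning and constant-time signature comparison explicit.

```php
<?php // Added illustration, not lindelius/php-jwt code; all function names are hypothetical.
function b64u_enc(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64u_dec(string $s): string
{
    return (string) base64_decode(strtr($s, '-_', '+/'), true); // '' on invalid input
}
function sign_hs256(array $header, array $claims, string $key): string
{
    $input = b64u_enc(json_encode($header)) . '.' . b64u_enc(json_encode($claims));
    return $input . '.' . b64u_enc(hash_hmac('sha256', $input, $key, true));
}

function verify_hs256(string $token, array $keys, int $now, int $leeway = 0): array
{
    $p = explode('.', $token);
    $header = count($p) === 3 ? json_decode(b64u_dec($p[0]), true) : null;
    // Pin the algorithm; "kid" is untrusted, so it may only index the known key map.
    $kid = $header['kid'] ?? null;
    if (($header['alg'] ?? null) !== 'HS256' || !is_string($kid) || !isset($keys[$kid])) {
        throw new UnexpectedValueException('malformed token, wrong alg or unknown kid');
    }
    $mac = hash_hmac('sha256', $p[0] . '.' . $p[1], $keys[$kid], true);
    if (!hash_equals($mac, b64u_dec($p[2]))) { // constant-time comparison
        throw new UnexpectedValueException('bad signature');
    }
    $claims = json_decode(b64u_dec($p[1]), true);
    // RFC 7519: reject at or after "exp"; leeway only absorbs clock skew.
    if (!is_array($claims) || (isset($claims['exp']) && $now >= (int) $claims['exp'] + $leeway)) {
        throw new UnexpectedValueException('expired or malformed claims');
    }
    return $claims;
}

// Constructed sample data: placeholder secrets, fixed clock, 20-minute lifetime.
$keys = ['key_1' => 'constructed-secret-1', 'key_2' => 'constructed-secret-2'];
$iat  = 1700000000;
$body = ['sub' => 'alice', 'exp' => $iat + 1200];
$ok   = sign_hs256(['alg' => 'HS256', 'kid' => 'key_2'], $body, $keys['key_2']);
$bad  = sign_hs256(['alg' => 'HS256', 'kid' => 'key_1'], $body, $keys['key_2']);
foreach ([[$ok, 0, 0], [$bad, 0, 0], [$ok, 1230, 60], [$ok, 1300, 60]] as [$t, $dt, $skew]) {
    try {
        echo 'accepted sub=' . verify_hs256($t, $keys, $iat + $dt, $skew)['sub'] . "\n";
    } catch (UnexpectedValueException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

The four cases cover a valid token, a token whose kid names a different key than the one that signed it, a token 30 seconds past exp with 60 seconds of leeway, and the same token 100 seconds past exp.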

Benchmarking

This library uses PHPBench for benchmarking.

You can benchmark the library on your own system by running the following command from the library's root folder.

./vendor/bin/phpbench run benchmarks/ --report=default