Skip to content

sjones608/php-jwt

This branch is 169 commits behind firebase/php-jwt:main.

Folders and files

NameName
Last commit message
Last commit date
Jul 21, 2015
Jul 21, 2015
Jul 5, 2015
Feb 12, 2015
Dec 31, 2012
Jul 1, 2015
Jul 1, 2015
Jun 22, 2015
Jun 22, 2015
Aug 30, 2013
Apr 1, 2015

Repository files navigation

Build Status Latest Stable Version Total Downloads License

PHP-JWT

A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec

Installation

Use composer to manage your dependencies and download PHP-JWT:

composer require firebase/php-jwt

Example

<?php
use \Firebase\JWT\JWT;

$key = "example_key";
$token = array(
    "iss" => "http://example.org",
    "aud" => "http://example.com",
    "iat" => 1356999524,
    "nbf" => 1357000000
);

/**
 * IMPORTANT:
 * You must specify supported algorithms for your application. See
 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
 * for a list of spec-compliant algorithms.
 */
$jwt = JWT::encode($token, $key);
$decoded = JWT::decode($jwt, $key, array('HS256'));

print_r($decoded);

/*
 NOTE: This will now be an object instead of an associative array. To get
 an associative array, you will need to cast it as such:
*/

$decoded_array = (array) $decoded;

/**
 * You can add a leeway to account for when there is a clock skew times between
 * the signing and verifying servers. It is recommended that this leeway should
 * not be bigger than a few minutes.
 *
 * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
 */
JWT::$leeway = 60; // $leeway in seconds
$decoded = JWT::decode($jwt, $key, array('HS256'));

?>

Changelog

2.2.0 / 2015-06-22

  • Add support for adding custom, optional JWT headers to JWT::encode(). See #53 for details. Thanks to @mcocaro!

2.1.0 / 2015-05-20

  • Add support for adding a leeway to JWT:decode() that accounts for clock skew between signing and verifying entities. Thanks to @lcabral!
  • Add support for passing an object implementing the ArrayAccess interface for $keys argument in JWT::decode(). Thanks to @aztech-dev!

2.0.0 / 2015-04-01

  • Note: It is strongly recommended that you update to > v2.0.0 to address known security vulnerabilities in prior versions when both symmetric and asymmetric keys are used together.
  • Update signature for JWT::decode(...) to require an array of supported algorithms to use when verifying token signatures.

Tests

Run the tests using phpunit:

$ pear install PHPUnit
$ phpunit --configuration phpunit.xml.dist
PHPUnit 3.7.10 by Sebastian Bergmann.
.....
Time: 0 seconds, Memory: 2.50Mb
OK (5 tests, 5 assertions)

License

3-Clause BSD.

About

PEAR package for JWT

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • PHP 95.0%
  • Shell 5.0%