Download the PHP package algsupport/jwt without Composer
On this page you can find all versions of the php package algsupport/jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download algsupport/jwt
More information about algsupport/jwt
Files in algsupport/jwt
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package jwt
JWT Integration For Yii 2
This extension provides the JWT integration for Yii 2 framework.
This is a fork of sizeg/yii2-jwt package
See lcobucci/jwt repo for details about the version.
Installation
Add the package to your composer.json:
and run composer update or alternatively run composer require algsupport/jwt
Basic usage
Add jwt component to your configuration file.
If your application is both the issuer and the consumer of JWT (the common case, a.k.a. Standard version)
use algsupport\jwt\Jwt component:
If your application just needs some special JWT tools (like validator or parser, a.k.a. Toolset version)
use algsupport\jwt\JwtTools component:
Of course, if you are already using the Standard version component, you don't need to define the Toolset version component, since the former already provides all the tools.
If you are struggling with the concept of API JWT, here is an EXAMPLE of how to quickly put all pieces together.
Available signers
Symmetric:
- HMAC (HS256, HS384, HS512)
Asymmetric:
- RSA (RS256, RS384, RS512)
- ECDSA (ES256, ES384, ES512)
- EdDSA (since 3.1.0)
- BLAKE2B (since 3.4.0)
Signer IDs are available as constants (like Jwt::HS256).
You can also provide your own signer, either as an instance of Lcobucci\JWT\Signer or by adding its config to signers
and algorithmTypes and using its ID for signer.
As stated in
lcobucci/jwtdocumentation: Although BLAKE2B is fantastic due to its performance, it's not JWT standard and won't necessarily be offered by other libraries.
Note on signers and minimum bits requirement
Since lcobucci/jwt 4.2.0 signers require the minimum key length to make sure those are properly secured, otherwise
the InvalidKeyProvided is thrown.
Keys
For symmetric signers signingKey is required. For asymmetric ones you also need to set verifyingKey. Keys can be
provided as simple strings, configuration arrays, or instances of Lcobucci\JWT\Signer\Key.
Configuration array can be as the following:
- key (
algsupport\jwt\Jwt::KEY) - string, default'', - passphrase (
algsupport\jwt\Jwt::PASSPHRASE) - string, default'', - method (
algsupport\jwt\Jwt::METHOD) - string, defaultalgsupport\jwt\Jwt::METHOD_PLAIN, available:algsupport\jwt\Jwt::METHOD_PLAIN,algsupport\jwt\Jwt::METHOD_BASE64,algsupport\jwt\Jwt::METHOD_FILE(see https://lcobucci-jwt.readthedocs.io/en/latest/configuration/)
Simple string keys are shortcuts to the following array configs:
-
key starts with
@orfile://:Detecting
@at the beginning assumes Yii alias has been provided, so it will be resolved withYii::getAlias(). - key doesn't start with
@norfile://:
Issuing a token example:
Standard version:
The same in Toolset version:
See https://lcobucci-jwt.readthedocs.io/en/latest/issuing-tokens/ for more info.
Parsing a token
See https://lcobucci-jwt.readthedocs.io/en/latest/parsing-tokens/ for more info.
Validating a token
You can validate a token or perform an assertion on it (see https://lcobucci-jwt.readthedocs.io/en/latest/validating-tokens/).
For validation use:
For assertion use:
You MUST provide at least one constraint, otherwise Lcobucci\JWT\Validation\NoConstraintsGiven exception will be
thrown. There are several ways to provide constraints:
-
directly (Standard version only):
- through component configuration:
Note: By default, this package is not adding any constraints out-of-the-box, you must configure them yourself like in the examples above.
Using component for REST authentication
Configure the authenticator behavior in the controller.
There are special options available:
- jwt - string ID of component (default with
'jwt'), component configuration array, or an instance ofalgsupport\jwt\Jwtoralgsupport\jwt\JwtTools, - auth - callable or
null(default) - anonymous function with signaturefunction (\Lcobucci\JWT\Token $token)that should return identity of user authenticated with the JWT payload information. If $auth is not provided methodyii\web\User::loginByAccessToken()will be called instead. - throwException - bool (default
true) - whether the filter should throw an exception i.e. if the token has an invalid format. If there are multiple auth filters (CompositeAuth) it can make sense to "silent fail" and pass the validation process to the next filter on the composite auth list.
For other configuration options refer to the Yii 2 Guide.
JWT Usage
Please refer to the lcobucci/jwt Documentation.
