Download the PHP package bradchesney79/effortless-hs256-jwt without Composer
On this page you can find all versions of the php package bradchesney79/effortless-hs256-jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download bradchesney79/effortless-hs256-jwt
More information about bradchesney79/effortless-hs256-jwt
Files in bradchesney79/effortless-hs256-jwt
Package effortless-hs256-jwt
Short Description An opinionated library to facilitate JWT management in part by disallowing undesirable possibilities
License Unlicense
Informations about the package effortless-hs256-jwt
I believe I have brought the library to a usable and critiquable state. As of now, December of 2020, I consider this library beta code.
I created this package because I didn't love the existing libraries out there. Also, this package has only a dependency on the PDO database driver, JSON, and mbstring extensions being avaialble.
So, this is a low level library designed to:
- Allow you to rest easy that the algorithm will always be HS256
- Allow you to create a JWT Token string with standard and custom claims
- Allow you to edit claims
- Allow you to remove claims
- Allow you to retrieve a JWT Token string
- Allow you to read token claims
- Allow you to validate a token
Step 1 - Install:
You will need a modern version of PHP installed, PHP v7.4+.
Add via composer or git clone, or wget the class file, or good old cut/paste and require_once()
Ccreate the object with 'secret' parameter as such:
Step 1a
Unwashed heathens that resist using composer will need something like this:
require_once, include, include_once... only you will really know what is best for you.
Installation via composer is not required-- I just think it is the best way
Step 2 - Usage with Composer:
Make the code available:
Be sure to do the completely normal PHP require or require_once of vendor/autoload.php
Create a token, append/update claims, get the token string:
Validate a token, read token claims, remove token claims:
Step A - Test:
Ensure that the phpdbg and xdebug extensions are avaialble to make developer life easier on yourself
Run the tests with the PHPUnit installed in the dev dependencies
You need to set up the database and provide valid connection credentials
Step B - Count Lines of Code:
11/2020 1,800 12/2020 1,638 05/2021 1,048
ToDo:
-
Turn detection of RuntimeException tests to also test the exception message for specificity
-
Make the README not awful
- Use https://gist.github.com/soulmachine/b368ce7292ddd7f91c15accccc02b8df ...as the basis for instructions on how to functionally use this library beyond syntax and logical flow
Caveats:
-
Use is limited to PHP 7.4+ platforms
-
I am not positive this library is production ready yet
-
I have made decisions that force you to use this library in the closest to best practices using a specific secret key as I could manage. Other libraries allow you more freedom-- potentially to shoot yourself in the foot.
- There is no storage of who or what tokens are out there. You cannot see if one exists with this library. You can only validate and leverage tokens that come back to you.
All versions of effortless-hs256-jwt with dependencies
ext-json Version *
ext-mbstring Version *