Download the PHP package firebase/php-jwt without Composer
On this page you can find all versions of the php package firebase/php-jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Rated 4.44 based on 32 reviews
All versions of php-jwt with dependencies
Informations about the package php-jwt
A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519.
Use composer to manage your dependencies and download PHP-JWT:
Optionally, install the
paragonie/sodium_compat package from composer if your
php is < 7.2 or does not have libsodium installed:
Example with RS256 (openssl)
Example with a passphrase
Example with EdDSA (libsodium and Ed25519 signature)
Using Cached Key Sets
CachedKeySet class can be used to fetch and cache JWKS (JSON Web Key Sets) from a public URI.
This has the following advantages:
- The results are cached for performance.
- If an unrecognized key is requested, the cache is refreshed, to accomodate for key rotation.
- If rate limiting is enabled, the JWKS URI will not make more than 10 requests a second.
Casting to array
The return value of
JWT::decode is the generic PHP object
stdClass. If you'd like to handle with arrays
instead, you can do the following:
6.3.0 / 2022-07-15
- Added ES256 support to JWK parsing (#399)
- Fixed potential caching error in
CachedKeySetby caching jwks as strings (#435)
6.2.0 / 2022-05-14
6.1.0 / 2022-03-23
- Drop support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0
- Add parameter typing and return types where possible
6.0.0 / 2022-01-24
- Backwards-Compatibility Breaking Changes: See the Release Notes for more information.
- New Key object to prevent key/algorithm type confusion (#365)
- Add JWK support (#273)
- Add ES256 support (#256)
- Add ES384 support (#324)
- Add Ed25519 support (#343)
5.0.0 / 2017-06-26
- Support RS384 and RS512. See #117. Thanks @joostfaassen!
- Add an example for RS256 openssl. See #125. Thanks @akeeman!
- Detect invalid Base64 encoding in signature. See #162. Thanks @psignoret!
JWT::verifyto handle OpenSSL errors. See #159. Thanks @bshaffer!
arraytype hinting to
decodemethod See #101. Thanks @hywak!
- Add all JSON error types. See #110. Thanks @gbalduzzi!
- Bugfix 'kid' not in given key list. See #129. Thanks @stampycode!
- Miscellaneous cleanup, documentation and test fixes. See #107, #115, #160, #161, and #165. Thanks @akeeman, @chinedufn, and @bshaffer!
4.0.0 / 2016-07-17
- Add support for late static binding. See #88 for details. Thanks to @chappy84!
- Use static
time()to improve unit testing. See #93 for details. Thanks to @josephmcdermott!
- Fixes to exceptions classes. See #81 for details. Thanks to @Maks3w!
- Fixes to PHPDoc. See #76 for details. Thanks to @akeeman!
3.0.0 / 2015-07-22
- Minimum PHP version updated from
\Firebase\JWTnamespace. See #59 for details. Thanks to @Dashron!
- Require a non-empty key to decode and verify a JWT. See #60 for details. Thanks to @sjones608!
- Cleaner documentation blocks in the code. See #62 for details. Thanks to @johanderuijter!
2.2.0 / 2015-06-22
- Add support for adding custom, optional JWT headers to
JWT::encode(). See #53 for details. Thanks to @mcocaro!
2.1.0 / 2015-05-20
- Add support for adding a leeway to
JWT:decode()that accounts for clock skew between signing and verifying entities. Thanks to @lcabral!
- Add support for passing an object implementing the
JWT::decode(). Thanks to @aztech-dev!
2.0.0 / 2015-04-01
- Note: It is strongly recommended that you update to > v2.0.0 to address known security vulnerabilities in prior versions when both symmetric and asymmetric keys are used together.
- Update signature for
JWT::decode(...)to require an array of supported algorithms to use when verifying token signatures.
Run the tests using phpunit:
New Lines in private keys
If your private key contains
\n characters, be sure to wrap it in double quotes
and not single quotes
'' in order to properly interpret the escaped characters.