PHP download

Download the PHP package itaiarbel/jwt without Composer

On this page you can find all versions of the php package itaiarbel/jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download itaiarbel/jwt
More information about itaiarbel/jwt
Files in itaiarbel/jwt

Vendor itaiarbel
Package jwt
Short Description JWT,JWS,JWE library
License MIT
Homepage https://github.com/itaiarbel/jwt

Keywords php jwt JWS JWE

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of itaiarbel/jwt

Informations about the package jwt

PHP Jwt library by Itai Arbel

Easy to use lightweight user friendly jwt library no dependencies - all algorithms implemented using php openssl only.

Disclaimer:

22/08/2020 - BETA - all seems to be working ok,

NOT fully tested for security / NOT fully RFC complience. use at your own risk!

You are wellcome to use this library and help me improve it by finding bugs and implementing missing algorithms.

What it can do?

JWS - HS256 - Sign / Verify - with shared secret key
JWS - HS384 - Sign / Verify - with shared secret key
JWS - HS512 - Sign / Verify - with shared secret key
JWS - RS256 - Sign / Verify - with private & private key
JWS - RS384 - Sign / Verify - with private & private key
JWS - RS512 - Sign / Verify - with private & private key
JWE - RSA1_5 + A128CBC-HS256 - Encrypt / Decrypt - with private & private key
JWE - RSA1_5 + A192CBC-HS384 - Encrypt / Decrypt - with private & private key
JWE - RSA1_5 + A256CBC-HS512 - Encrypt / Decrypt - with private & private key
JWE - RSA1_5 + A128GCM - Encrypt / Decrypt - with private & private key
JWE - RSA1_5 + A192GCM - Encrypt / Decrypt - with private & private key
JWE - RSA1_5 + A256GCM - Encrypt / Decrypt - with private & private key

Installetion
Builder
Builder Methods
Checker
Checker Methods
Algorithms
Contributions
Contact

Installation

Run the following composer command:

Then use it in your project:

Builder

allows you to build jwt, then sign/encrypt them.

Example of use:

Builder Methods

claim(key, val) / claims([key=>val,key=>val...]) : addes a claim/claims to the payload section of the token

header(key, val) : addes a claim to the header section of the token (notice: header claims are not ecnrypted in JWE)

exp(secs,server_ts[opt]) : adds 'exp' token expiers time claim of time()+secs, you can set server timestamp if different timezone.

nfb(secs) : adds a 'nbf' token not valid before claim of time()+secs

jti(val[opt]) : adds a 'jti' token id claim of auto generated random GUID if no parameter provided

iss(val)/issuer(val) : adds a 'iss' token issuer claim

sign(key, alg) : finish the builder and sign the jwt. - > JWS

encrypt(key, alg, enc) : finish the builder and encrypt the jwt. -> JWE

Checker

Example of use:

JWS verify:

JWE decryption:

Note: verified Not means Valid token, i'ts only checks signiture, not validity of the token time, you must check the experation timestamp/nbf/iss blacklist/catch/database ect on your own...

Checker Methods

verify(key/secret,alg) - verify JWS using public key / secret

decrypt(key/secret,alg,enc) - decrypting JWE using public key

getHeaderClaims():array - get array of all header claims in JWE/JWS

getHeaderClaim(name):string - get a specific claim from header

hasHeaderClaim(name):bool - returns true/false if header claim exist

kid()/keyId():string - get 'kid' calim from header

alg()/algorithm():string - get 'alg' calim from header

enc()/encryption():string - get 'enc' calim from header

validate(server_ts[opt]):bool - validates signiture/decryption + exp + nbf

checkExp(ts[opt]):bool - return true/false if exp claim time has passed

checkNbf(ts[opt]):bool - return true/false if nbf time not before now.. note: if nbf claim not exist - returns true this this claim is optional

checkClaim(name,expected_val):bool - return true/false - check claim agains expected value

checkHeaderClaim(name,expected_val):bool - return true/false - check header claim agains expected value

getClaims():array - get array of all claims (will return empy array if token yet to be decrypted)

getClaim(name):string - get specific claim by name (will return empty string if token yet to be decrypted)

hasClaim(name):bool - returns true/false if claim exist (will return false if token yet to be decrypted)

iss()/issuer():string - get isueer 'iss' claim

sub()/subject():string - get subject 'sub' claim

aud()/audience():string - get audience 'aud' claim

exp()/expires():string - get expires time 'exp' claim

nbf()/notBefore():string - get not before time 'nbf' claim

iat()/issuedAt():string - get issued time 'iat' claim

jti()/id():string - - get token id 'jti' claim

Algorithms

Algorithms Implemented:

HS256 - HMAC-SHA256 - Sign / Verify
HS384 - HMAC-SHA384 - Sign / Verify
HS512 - HMAC-SHA512 - Sign / Verify
RS256 - RSA-PKCS1-SHA256 - Sign / Verify
RS384 - RSA-PKCS1-SHA384 - Sign / Verify
RS512 - RSA-PKCS1-SHA512 - Sign / Verify
RSA1_5 - Encrypt Key / Decrypt Key
A128CBC_HS256 - AES-128-CBC SHA256 - Encrypt / Decrypt
A192CBC_HS384 - AES-192-CBC SHA384 - Encrypt / Decrypt
A256CBC_HS512 - AES-256-CBC SHA512 - Encrypt / Decrypt
A128GCM - AES-128-GCM - Encrypt / Decrypt
A192GCM - AES-192-GCM - Encrypt / Decrypt
A256GCM - AES-256-GCM - Encrypt / Decrypt

Algorithms TODO: (maybe you can help?)

dir
PS256
PS384
PS512
ES256
ES384
ES512
RSA-OAEP
RSA-OAEP-256
A128KW
A192KW
A256KW
ECDH-ES
ECDH-ES+A128KW
ECDH-ES+A192KW
ECDH-ES+A256KW
A128GCMKW
A192GCMKW
A256GCMKW
PBES2-HS256+A128KW
PBES2-HS384+A192KW
PBES2-HS512+A256KW

Contributions

ways to contribute:

add algorithms
find bugs
fix bugs
improve existing code

Support

buy me a cup of coffee

Contact

You can contact me at [email protected]

All versions of jwt with dependencies

PHP Build Version

Package Version

Version 1.0-beta Release 22. Aug 2020
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of jwt from vendor itaiarbel

Requires lib-openssl Version *

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package itaiarbel/jwt contains the following files

Loading the files please wait ....