Download the PHP package jabarihunt/json-web-token without Composer

On this page you can find all versions of the php package jabarihunt/json-web-token. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package json-web-token

JSON Web Token Class

A simple and lightweight class to create, sign, and verify JSON Web Tokens (JWT). The class also has a method that creates secrets with over double the length needed to ensure the creation of secure signatures. The JWT standard requires that implementations must support HS256 and "none" as valid algorithms (all others are optional). This implementation currently supports HS256, HS384, HS512, and "none". Support for both RS and ES equivalent algorithms will be added in future versions.

Getting Started

Prerequisites

Before using this class, you may want to brush up on JWT if you are not already familiar with it. In short, JSON Web Tokens are used as a self-contained method of providing stateless authentication and/or to exchange verifiable information with a trusted party.

Installing

Via Composer

Run the following command in the same directory as your composer.json file:

php composer.phar require jabarihunt/json-web-token

Via Github
  1. Clone this repository into a working directory: git clone [email protected]:jabarihunt/JSON-Web-Token.git .

  2. Include the JWT class in your project...

...or if using an auto-loader...

Usage

Choosing An Algorithm

This class will default to the HS256 algorithm. If you want to use one of the other algorithms, pass it optionally in the JWT::sign() and JWT::generateSecret() methods. Supported algorithms are class constants. For example sake, we'll set an algorithm variable to use HS384...

Creating A Secret

You are free to pass any secret you like when using the JWT::sign() and JWT::verify() methods. However, to create a very secure signature you MUST use a secret that is at least as long as the number of bits of encryption. For example, if using HS256, you should use a secret that is at least 256 bits (32 bytes) long.

NOTE: Secrets should be stored in a secure location (secure configuration include, .env, etc.) and NOT within your script. Additionally, the generated secret is not URL safe, though, it should NEVER be passed around via HTTP requests anyway!

In our example, we will generate a secret and pass along the optional $algorithm parameter using the variable of the same name we created above...

Creating A JSON Web Token

JSON Web Tokens are created with the JWT::sign() method which takes two required parameters and one optional parameter:

(array) $payload - An array containing the data to be transmitted.

(string) $secretOrPrivateKey - For the HS256, HS384, and HS512 algorithms, it expects this to be a secret (as generated above). For the "none" algorithm, simply pass NULL (it will ignore any value passed since no signature will be appended). For all other algorithms, it expects a string path to the private key file used to encrypt the signature.

(string) $algorithm (optional) - The name of the algorithm to be used for signing (it defaults to "HS256"). All supported algorithms may be accessed as class constants.

Putting it together with the secret (which is being pulled from $_ENV) and algorithm examples from above...

Verifying A JSON Web Token

Tokens are verified using the JWT::verify() method which expects two parameters:

(string) $token - A standard JSON Web Token.

(string) $secretOrPrivateKey - For the HS256, HS384, and HS512 algorithms, it expects this to be a secret (as generated above). For the "none" algorithm, simply pass NULL (it will ignore any value passed since no signature will be appended). For all other algorithms, it expects a string path to the public key file that matches the private key used to encrypt the signature.

Using the token generated above:

The JWT::verify() method will return an array containing the following keys:

(boolean) isVerified - TRUE if the token's signature was valid, FALSE otherwise. ALWAYS CHECK THIS!!!

(array) header - The decoded header of the token.

(array) payload - The decoded payload of the token.

Contributing

  1. Fork Repository
  2. Create a descriptive branch name
  3. Make edits to your branch
  4. Squash (rebase) your commits
  5. Create a pull request

License

This project is licensed under the MIT License - see the LICENSE.md file for details


All versions of json-web-token with dependencies

PHP Build Version
Package Version
Requires php Version >=5.6.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package jabarihunt/json-web-token contains the following files

Loading the files please wait ....