Download the PHP package kleijnweb/jwt-bundle without Composer

On this page you can find all versions of the php package kleijnweb/jwt-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package jwt-bundle

This project is no longer maintained

KleijnWeb\JwtBundle

Build Status Coverage Status Scrutinizer Code Quality Latest Stable Version

Integrate JWT API tokens for authentication.

Go to the release page to find details about the latest release.

For an example see swagger-bundle-example.

NOTE: Looking for PHP <7.0 and Symfony <2.8.7 support? Use a 0.x version.

Install

Install using composer (composer require kleijnweb/jwt-bundle). You want to check out the release page to ensure you are getting what you want and optionally verify your download.

Authentication

The token is validated using standard (reserved) JWT claims:

Name Type Description
exp int [1] Expiration time must be omitted [3] or be smaller than time() + leeway [2].
nbf int [1] "Not before", token validity start time, must be omitted [3] or greater than or equal to time() - leeway [2].
iat int [1] The time the token was issued, must be omitted [3] or smaller than configured minIssueTime + leeway. Required when minIssueTime configured.
iss string Issuer of the token, must match configured issuer. Required when issuer configured.
aud string JWT "audience", must be omitted [3] or match configured audience if configured. Required when audience configured.
sub string JWT "subject". Used as username for Symfony Security integration. Always required (or its alias), without it the "Resource Owner cannot be identified.
prn string JWT "principle". Deprecated alias for sub, used in older versions of the JWT RFC.
jti string JWT "ID". Not used, will be ignored.
typ string Not used, will be ignored.

All other claims encountered are ignored. The JWT header is checked for kid (see below) and alg, which must match the type value of the key configuration.

Keys

The authenticator supports multiple keys, and allows all options to be configured per kid (key ID, which must be included in the JWT header when more than 1 key is configured):

JwtBundle and the issuer must share a secret in order for JwtBundle to be able to verify tokens. You can choose between a pre shared key (PSK) or asymmetric keys.

To use asymmetric keys, type MUST be set to RS256 or RS512. The secret in this case is the public key of the issuer.

Loading Secrets From An External Source

Instead of configuring secrets statically, they can also be loaded dynamically, using any data available in the JWT token. Example configuration:

The loader must implement KleijnWeb\JwtBundle\Authenticator\SecretLoader. A simple example that loads the secret from an ambiguous data store:

You could use any information available in the token, such as the kid, alg or any custom claims. You cannot configure both secret and loader. Be sure to throw an AuthenticationException when appropriate (eg missing claims needed for loading secret).

Integration Into Symfony Security

Synopsis:

Using the bundled user provider is optional. This will produce user objects from the token data alone with roles produced from the aud claim (and IS_AUTHENTICATED_FULLY whether aud was set or not).

Assigning audience to user roles using an alternate UserProvider

JwtBundle can assign the audience claims in the JwtToken to the User objects user roles properties. Ideally, this is done in the UserProvider, so that the groups cannot be modified.

If this is an acceptable risk, you do not want to use JwtUser/JwtUserProvider, but do want JwtBundle to copy aud claims to user roles, you can have your User class implement the KleijnWeb\JwtBundle\User\UnsafeGroupsUserInterface interface, and JwtBundle will add the roles after the user is loaded from the provider. This behavior may be removed in future versions.

NOTE: This function only copies the the roles from the token.

Issuing Token

Issuing tokens is currently limited to HS256. To create a token string:

License

KleijnWeb\JwtBundle is made available under the terms of the LGPL, version 3.0.


All versions of jwt-bundle with dependencies

PHP Build Version
Package Version
Requires php Version ^7.0.0
symfony/dependency-injection Version >=2.8.30
symfony/config Version >=2.8.30
symfony/event-dispatcher Version >=2.8.30
symfony/http-foundation Version >=2.8.30
symfony/http-kernel Version >=2.8.30
symfony/security Version >=2.8.30
symfony/yaml Version >=2.8.30
symfony/finder Version >=2.8.30
symfony/security-bundle Version >=2.8.30
symfony/var-dumper Version >=2.8.30
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package kleijnweb/jwt-bundle contains the following files

Loading the files please wait ....