Download the PHP package lake/larke-jwt without Composer
On this page you can find all versions of the php package lake/larke-jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package larke-jwt
JWT
A simple library to work with JSON Web Token and JSON Web Signature (requires PHP 5.6+). The implementation is based on the RFC 7519.
The code is forked from lcobucci/jwt
Installation
you can install it using Composer.
Dependencies
- PHP >= 8.1.0
- OpenSSL Extension
- sodium Extension
Basic usage
Creating
Just use the builder to create a new JWT/JWS tokens:
Parsing from strings
Use the parser to create a new token from a JWT string (using the previous token as example):
Validating
We can easily validate if the token is valid (using the previous token and time as example):
Important
- You have to configure informing all claims you want to validate the token.
- If contains claims that are not being used in token or token has claims that are not configured in they will be ignored by .
- , and claims are configured by default in with the current time ().
- The optional parameter of will cause us to use that number of seconds of leeway when validating the time-based claims, pretending we are further in the future for the "Issued At" () and "Not Before" () claims and pretending we are further in the past for the "Expiration Time" () claim. This allows for situations where the clock of the issuing server has a different time than the clock of the verifying server, as mentioned in section 4.1 of RFC 7519.
Token signature
We can use signatures to be able to verify if the token was not modified after its generation. This library implements Hmac, RSA, ECDSA, EdDSA and Blake2b signatures (using 256, 384 and 512). The none is not signatures.
Important
Do not allow the string sent to the Parser to dictate which signature algorithm to use, or else your application will be vulnerable to a critical JWT security vulnerability.
The examples below are safe because the choice in Signer is hard-coded and
cannot be influenced by malicious users.
Hmac and Blake2b
Hmac signatures are really simple to be used:
RSA, ECDSA and EdDSA
RSA, ECDSA and EdDSA signatures are based on public and private keys so you have to generate using the private key and verify using the public key:
It's important to say that if you're using RSA keys you shouldn't invoke ECDSA signers (and vice-versa), otherwise and will raise an exception!
All versions of larke-jwt with dependencies
ext-hash Version *
ext-json Version *
ext-openssl Version *
ext-mbstring Version *
ext-sodium Version *