1. Go to this page and download the library: Download lake/larke-jwt library. Choose the download type require.
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
/* Start to develop here. Best regards https://php-download.com/ */
lake / larke-jwt example snippets
use DateTimeImmutable;
use Larke\JWT\Builder;
use Larke\JWT\Signer\None;
use Larke\JWT\Signer\Key\InMemory;
$now = new DateTimeImmutable();
$signer = new None();
$key = InMemory::plainText('testing')
$token = (new Builder())
->issuedBy('http://example.com') // Configures the issuer (iss claim)
->permittedFor('http://example.org') // Configures the audience (aud claim)
->identifiedBy('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
->issuedAt($now) // Configures the time that the token was issue (iat claim)
->canOnlyBeUsedAfter($now->modify('+1 minute')) // Configures the time that the token can be used (nbf claim)
->expiresAt($now->modify('+1 hour')) // Configures the expiration time of the token (exp claim)
->withClaim('uid', 1) // Configures a new claim, called "uid"
->getToken($signer, $key); // Retrieves the generated token
$token->headers()->all(); // Retrieves the token headers
$token->claims()->all(); // Retrieves the token claims
echo $token->headers()->get('jti'); // will print "4f1g23a12aa"
echo $token->claims()->get('iss'); // will print "http://example.com"
echo $token->claims()->get('uid'); // will print "1"
echo $token->toString(); // The string representation of the object is a JWT string (pretty easy, right?)
use Larke\JWT\Parser;
$token = (new Parser())->parse((string) $token); // Parses from a string
$token->headers()->all(); // Retrieves the token headers
$token->claims()->all(); // Retrieves the token claims
echo $token->headers()->get('jti'); // will print "4f1g23a12aa"
echo $token->claims()->get('iss'); // will print "http://example.com"
echo $token->claims()->get('uid'); // will print "1"
use DateTimeImmutable;
use Larke\JWT\Validator;
use Larke\JWT\ValidationData;
$now = new DateTimeImmutable();
$data = new ValidationData(); // It will use the current time to validate (iat, nbf and exp)
$data->issuedBy('http://example.com');
$data->permittedFor('http://example.org');
$data->identifiedBy('4f1g23a12aa');
$validation = new Validator();
var_dump($validation->validate($token, $data)); // false, because token cannot be used before now() + 60
$data->currentTime($now->modify('+61 seconds')); // changing the validation time to future
var_dump($validation->validate($token, $data)); // true, because current time is between "nbf" and "exp" claims
$data->currentTime($now->modify('+4000 seconds')); // changing the validation time to future
var_dump($validation->validate($token, $data)); // false, because token is expired since current time is greater than exp
// We can also use the $leeway parameter to deal with clock skew (see notes below)
// If token's claimed now is invalid but the difference between that and the validation time is less than $leeway,
// then token is still considered valid
$dataWithLeeway = new ValidationData($now, 20);
$dataWithLeeway->issuedBy('http://example.com');
$dataWithLeeway->permittedFor('http://example.org');
$dataWithLeeway->identifiedBy('4f1g23a12aa');
var_dump($validation->validate($token, $dataWithLeeway)); // false, because token can't be used before now() + 60, not within leeway
$dataWithLeeway->currentTime($now->modify('+51 seconds')); // changing the validation time to future
var_dump($validation->validate($token, $dataWithLeeway)); // true, because current time plus leeway is between "nbf" and "exp" claims
$dataWithLeeway->currentTime($now->modify('+3610 seconds')); // changing the validation time to future but within leeway
var_dump($validation->validate($token, $dataWithLeeway)); // true, because current time - 20 seconds leeway is less than exp
$dataWithLeeway->currentTime($now->modify('+4000 seconds')); // changing the validation time to future outside of leeway
var_dump($validation->validate($token, $dataWithLeeway)); // false, because token is expired since current time is greater than exp
use DateTimeImmutable;
use Larke\JWT\Builder;
use Larke\JWT\Validator;
use Larke\JWT\Signer\Hmac\Sha256;
use Larke\JWT\Signer\Key\InMemory;
$now = new DateTimeImmutable();
$signer = new Sha256();
$key = InMemory::plainText('testing');
$token = (new Builder())
->issuedBy('http://example.com') // Configures the issuer (iss claim)
->permittedFor('http://example.org') // Configures the audience (aud claim)
->identifiedBy('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
->issuedAt($now) // Configures the time that the token was issue (iat claim)
->canOnlyBeUsedAfter($now->modify('+1 minute')) // Configures the time that the token can be used (nbf claim)
->expiresAt($now->modify('+1 hour')) // Configures the expiration time of the token (exp claim)
->withClaim('uid', 1) // Configures a new claim, called "uid"
->getToken($signer, $key); // Retrieves the generated token
$key1 = InMemory::plainText('testing 1');
$key2 = InMemory::plainText('testing');
$validation = new Validator();
var_dump($validation->verify($token, $signer, $key1)); // false, because the key is different
var_dump($validation->verify($token, $signer, $key2)); // true, because the key is the same
use DateTimeImmutable;
use Larke\JWT\Builder;
use Larke\JWT\Validator;
use Larke\JWT\Signer\Key\LocalFileReference;
use Larke\JWT\Signer\Rsa\Sha256; // you can use Larke\JWT\Signer\Ecdsa\Sha256 if you're using ECDSA keys
$now = new DateTimeImmutable();
$signer = new Sha256();
$privateKey = LocalFileReference::file('file://{path to your private key}');
$token = (new Builder())
->issuedBy('http://example.com') // Configures the issuer (iss claim)
->permittedFor('http://example.org') // Configures the audience (aud claim)
->identifiedBy('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
->issuedAt($now) // Configures the time that the token was issue (iat claim)
->canOnlyBeUsedAfter($now->modify('+1 minute')) // Configures the time that the token can be used (nbf claim)
->expiresAt($now->modify('+1 hour')) // Configures the expiration time of the token (exp claim)
->withClaim('uid', 1) // Configures a new claim, called "uid"
->getToken($signer, $privateKey); // Retrieves the generated token
$publicKey = LocalFileReference::file('file://{path to your public key}');
$validation = new Validator();
var_dump($validation->verify($token, $signer, $publicKey)); // true when the public key was generated by the private one =)
Loading please wait ...
Before you can download the PHP files, the dependencies should be resolved. This can take some minutes. Please be patient.