Download the PHP package mangopop/jwt-verifier-sym28 without Composer
On this page you can find all versions of the php package mangopop/jwt-verifier-sym28. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download mangopop/jwt-verifier-sym28
More information about mangopop/jwt-verifier-sym28
Files in mangopop/jwt-verifier-sym28
Package jwt-verifier-sym28
Short Description A verifier library for working with Okta JWT's downgraded for use with symfony 2.8
License Apache-2.0
Informations about the package jwt-verifier-sym28
Okta JWT Verifier for PHP
As a result of a successful authentication by obtaining an authorization grant from a user or using the Okta API, you will be
provided with a signed JWT (id_token
and/or access_token
). A common use case for these access tokens is to use it
inside of the Bearer authentication header to let your application know who the user is that is making the request. In
order for you to know this use is valid, you will need to know how to validate the token against Okta. This guide gives
you an example of how to do this using Okta's JWT Validation library for PHP.
Release status
This library uses semantic versioning and follows Okta's library version policy.
Version | Status |
---|---|
0.x | :warning: Beta Release (Retired) |
1.x | :heavy_check_mark: Release |
The latest release can always be found on the releases page.
Installation
The Okta JWT Verifier can be installed through composer.
This library requires a JWT library. We currently support firebase/php-jwt. You will have to install this or create your own adaptor.
To create your own adaptor, just implement the Okta/JwtVerifier/Adaptors/Adaptor
in your own class.
You will also need to install a PSR-7 compliant library. We suggest that you use guzzlehttp/psr7
in your project.
Setting up the Library
To validate a JWT, you will need a few different items:
- Your issuer URL
- The JWT string you want to verify
- Access to your vendor autoload file in your script.
Validating a JWT
After you have a $jwtVerifier
from the above section and an access_token
from a successful sign in, or
from a Bearer token
in the authorization header, you will need to make sure that it is still valid.
All you need to do is call the decode
method (where $jwtString
is your access token in string format).
This will validate your JWT for the following:
- token expiration time
- the time it was issue at
- that the token issuer matches the expected value passed into the above helper
- that the token audience matches the expected value passed into the above helper
The result from the verify method is a Jwt
object which has a few helper methods for you:
Need help?
If you run into problems using the SDK, you can
- Ask questions on the Okta Developer Forums
- Post issues here on GitHub
- Working With OAuth 2.0 Tokens
Conclusion
The above are the basic steps for verifying an access token locally. The steps are not tied directly to a framework so
you could plug in the okta/okta-jwt
into the framework of your choice.
All versions of jwt-verifier-sym28 with dependencies
nesbot/carbon Version 1.39.1
psr/http-message Version ^1.0
php-http/client-common Version ^1.1
php-http/httplug Version ^1.1
php-http/message Version ^1.0
php-http/discovery Version ^1.2
php-http/curl-client Version ^1.7
bretterer/iso_duration_converter Version ^0.1.0