PHP download

Download the PHP package miladrahimi/php-jwt without Composer

On this page you can find all versions of the php package miladrahimi/php-jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download miladrahimi/php-jwt
More information about miladrahimi/php-jwt
Files in miladrahimi/php-jwt

Vendor miladrahimi
Package php-jwt
Short Description A PHP implementation of JWT (JSON Web Token) generator, parser, verifier, and validator
License MIT
Homepage https://github.com/miladrahimi/php-jwt

Keywords encoder parser validator decoder token jwt JSON Web Token verifier

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

miladrahimi/php-jwt

Rate from 1 - 5
Rated 5.00 based on 1 reviews

Example code of miladrahimi/php-jwt

Informations about the package php-jwt

PHP-JWT

PHP-JWT is a PHP package built for encoding (generating), decoding (parsing), verifying, and validating JSON Web Tokens (JWTs). Its design emphasizes a fluent, user-friendly, and object-oriented interface, crafted with performance in mind.

Supported algorithms:

HMAC: HS256, HS384, and HS512
RSA: RS256, RS384, and RS512
ECDSA: ES256, ES256K, and RS384
EdDSA: EdDSA

Supported features:

Built-in and custom validations
Multiple key and kid header handler

Confirmed by JWT.io.

Documentation

What is JWT?

If you're not familiar with JWTs, you can refer to the Wikipedia page or visit JWT.io for more information.

Installation

Include the package in your Composer dependencies using the following command:

Quick Start

Here's an example demonstrating how to generate a JWT and parse it using the HS256 algorithm:

HMAC Algorithms

HMAC algorithms rely on symmetric keys, allowing a single key to encode (sign) and decode (verify) JWTs. The PHP-JWT package supports HS256, HS384, and HS512 HMAC algorithms. The example above showcases the utilization of an HMAC algorithm to both sign and verify a JWT.

RSA Algorithms

RSA algorithms work with pairs of keys: a private key for signing JWTs and a corresponding public key for verification. This method is useful when the authentication server can't completely trust resource owners. The PHP-JWT package supports RS256, RS384, and RS512 RSA algorithms. The example below demonstrates this process.

You can refer to this instruction to learn how to generate a pair of RSA keys using OpenSSL.

ECDSA Algorithms

The ECDSA algorithm, similar to RSA, operates asymmetrically, providing even stronger security measures than RSA. The PHP-JWT package supports ES256, ES256K, and RS384 ECDSA algorithms. The example below demonstrates this process.

EdDSA Algorithm

EdDSA, similar to RSA and ECDSA, is an asymmetric cryptography algorithm and is widely recommended. In order to utilize it, ensure that the sodium PHP extension is installed in your environment. The following example demonstrates how to use it.

Please note that EdDSA keys must be in string format. If they are already base64 encoded, decoding them is necessary before use.

Validation

By default, the package validates certain public claims if present (using DefaultValidator), and parses the claims. If you have custom claims, you can include their validation rules as well. Check out this example:

In the aforementioned example, we extended DefaultValidator, which comes with pre-defined Rules for public claims. We strongly suggest extending it for your validation. Note that DefaultValidator is a subclass of BaseValidator. While you can utilize BaseValidator for your validations, opting for this means losing the built-in Rules, requiring you to manually add all the Rules yourself.

Rules

Validators rely on Rules to validate claims, with each Rule specifying acceptable values for a claim. You can access the built-in Rules within the MiladRahimi\Jwt\Validator\Rules namespace.

Descriptions for each Rule can be found within their respective class doc blocks.

Custom Rules

If the provided built-in Rules don't fulfill your requirements, you can create custom Rules. To do so, implement the Rule interface. For instance, consider the Even Rule below, designed to verify whether a given claim represents an even number:

Multiple Keys

The kid parameter within the JWT header plays a crucial role in managing multiple keys efficiently. By leveraging the "kid" header, you can assign a unique key identifier (kid) to each key that you use to sign JWTs. This enables seamless verification of JWTs by associating them with their respective key identifiers (kid). Check out this example:

Error Handling

Here are the exceptions that the package might throw:

Encoding:
- InvalidKeyException when the provided key is not valid.
- JsonEncodingException when cannot convert the provided claims to JSON.
- SigningException when cannot sign the token using the provided signer or key.
Decoding:
- InvalidTokenException when the JWT format is not valid (for example, it has no payload).
- InvalidSignatureException when the JWT signature is not valid.
- JsonDecodingException when the JSON extracted from JWT is not valid.
- ValidationException when at least one of the validation rules fails.
Finding Verifier:
- NoKidException when there is no kid in the token header.
- VerifierNotFoundException when no key/verifier matches the kid in the token header.

All of the exceptions mentioned are subclasses of the JwtException exception. By catching JwtException, you can handle all these cases collectively instead of catching each one individually.

License

PHP-JWT is initially created by Milad Rahimi and released under the MIT License.

All versions of php-jwt with dependencies

PHP Build Version

Package Version

Version v3.2.2 Release 01. Jun 2024
create-project require 2906 people choosed require and
0 people choosed create-project.

Download

Download latest version of php-jwt from vendor miladrahimi

Requires php Version >=7.4
ext-openssl Version *
ext-json Version *

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package miladrahimi/php-jwt contains the following files

Loading the files please wait ....